Course Agenda

Day 1 - Wednesday 23rd October

We begin Day 1 with a discussion of what risk management should enable an organization to do. What are the goals of risk management? How does the risk management process work? After this, we'll explore traditional/qualitative risk management methods and identify why they are sub-optimal. From there, we will begin our exploration of FAIR by aligning on a common lexicon of risk, discussing foundational concepts of quantitative analysis, and learning about calibrated estimation. We will conclude the day by learning the components of the FAIR model itself.

09:00

Registration and refreshments

09:30

Introduction

  • Goals of risk management
  • How qualitative analysis fails
  • What is FAIR?
  • How is FAIR different from qualitative methods?
  • What additional value does it bring?
  • The Risk Management Stack
  • Example analyses

11:00

Morning break

11:30

Flaws of Qualitative Analysis

  • Subjectivity/Differing interpretations
  • Theory of Levels of Measurement
  • Illogical conclusions drawn from heat maps
  • False precision/undeclared uncertainty
  • Defining the requirements for risk analysis methods

13:00

Lunch

14:00

Fundamental Concepts of Quantitative Risk Analysis

  • Accuracy vs. precision
  • Prediction vs. possibility vs. probability
  • Objectivity vs. subjectivity
  • Making estimates for the FAIR Model
  • Calibrated Estimation instruction and activities
  • Variable decomposition
  • Monte Carlo Simulation

15:30

Afternoon break

16:00

Example Analysis: Ransomware

  • Six forms of loss
  • Interpreting the results of FAIR analysis
  • Categorizing controls according to the OpenFAIR Standard
  • Accounting for controls in FAIR analysis
  • Building a business case for control investment

17:30

End of day one

Day 2 - Thursday 24th October

Day 2 extends your knowledge of the FAIR model and how to use it to conduct quantitative risk analyses. We will discuss Monte Carlo simulation, a high-level overview of the risk analysis sub-process, and the role controls play in a FAIR-based analysis. We'll conclude the day with three case studies that will allow you to practice applying FAIR to real-life situations using the RiskLens software platform.

09:00

Refreshments

09:30

The Risk Analysis Process

  • Scoping scenarios for analysis
  • Collecting data and estimates
  • Conducting quality assurance
  • Presenting results, including histograms and loss exceedance curves

11:00

Morning break

11:30

Class Case Study Activity

13:00

Lunch

14:00

Small Group/Individual Case Study Activity

15:30

Afternoon break

16:00

Information on OpenFAIR Certification Exam

17:30

End of course