Information security and risk management professionals make business-critical tactical and strategic decisions every day. Those decisions should in a cost-effective way based on an understanding of the probability/likelihood and impact/magnitude of harm. So, how are we to do that? Does it look like 1-5 rating scales or red/yellow/green heat maps? Is that the best way to cost-effectively manage our limited resources in light of the risks we face? And just what is “risk,” anyway? Different standards provide different definitions, models, calculations, and frameworks — there has to be a better way.
The Factor Analysis of Information Risk (FAIR) model and methods are recognized as an Informative Reference to the NIST CSF, adopted as an international standard for risk analysis by The Open Group, aligned to ISO 31000 and other standards, and backed by a worldwide network of risk researchers, managers, and analysts in the FAIR Institute. FAIR helps provide clarity on the risks you face so you can most cost-effectively manage them.
Risk analysts and managers in government and some of the world’s most successful companies are applying FAIR to: Assess cyber and operational risk in financial and probabilistic terms; Prioritize remediation efforts based on business impact; Justify security investments and demonstrate ROI; Communicate with their peers and leaders about loss scenarios and their associated risk directly and effectively.
In this course you’ll learn the basics of quantitative risk analysis with FAIR. You’ll see what’s possible when you’re equipped with a logical, repeatable, defensible model for analyzing risk in financial and probabilistic terms. High/medium/low or 1-5 ratings and subjective heat maps aren’t sufficient to inform efficient and cost-effective risk management decisions. FAIR offers “a more scientific approach to estimating likelihood and impact of consequences (…) to better prioritize risks and to prepare more accurate risk exposure forecasts.” (NISTIR 8286)
By the end of the course all participants will apply their knowledge by performing actual risk analysis using the non-commercial educational FAIR-U application. Upon the completion of the course, participants will receive a Certificate of Completion from RiskLens with 16 CPEs as well as a voucher that covers the cost of the OpenFAIR Level 1 Certification Exam. (Vouchers are sent on Tuesdays and Fridays, or the next business day in case of holiday, etc.) Please note that online course access is valid for 1 year after purchase.
After you complete your purchase login information will automatically be sent to the email address you use at checkout.
The course features over 2 hours of video content, 20+ content and additional resource documents, a 181-page workbook to accompany the entire course, 18 activities, 4 example analyses, 2 case studies to further your learning, and a Discussion Board where you can interact with other learners and expert facilitators from the RiskLens Academy.