FAIR Fundamentals (commercial and Gov): FAIR (Factor Analysis of Information Risk) training by RiskLens provides instruction on leveraging the only internationally recognized (The OpenGroup) and non-proprietary risk quantification standard. Join the FAIR community comprised of 40%+ of Fortune 1000 and 25% of Global 2000 companies today!
Public sector information security and risk management professionals make mission-critical tactical and strategic decisions every day. FISMA, EO 13800, NIST CSF, NIST 800-37, 800-39, and many other standards and frameworks direct agencies to make those decisions in a cost-effective way based on an understanding of the probability/likelihood and impact/magnitude of harm.
So, how are agencies to do that? Does it look like 1-5 rating scales or red/yellow/green heat maps? Is that the best way to cost-effectively manage our limited resources in light of the risks we face? And just what is “risk” anyway? Different standards provide different definitions, models, calculations, and frameworks — there has to be a better way. Exactly how to meet these requirements is largely left up to the various agencies and auditing authorities are mainly concerned that the work gets done, not how it gets done.
The Factor Analysis of Information Risk (FAIR) model and methods are recognized as an Informative Reference to the NIST CSF, aligned to ISO 31000 and other standards, and backed by a worldwide network of risk researchers, managers, and analysts in the FAIR Institute. FAIR helps provide clarity on the risks you face so you can most cost-effectively manage them.
Risk analysts and managers in government and some of the world’s most successful companies are applying FAIR to:
- Assess cyber and operational risk in financial and probabilistic terms;
- Prioritize remediation efforts based on business impact;
- Justify security investments and demonstrate ROI;
- Communicate with their peers and leaders about loss scenarios and their associated risk directly and effectively.
In this course you’ll learn the basics of quantitative risk analysis with FAIR. You’ll see what’s possible when you’re equipped with a logical, repeatable, defensible model for analyzing risk in financial and probabilistic terms. High/medium/low or 1-5 ratings and subjective heat maps aren’t sufficient to inform the “efficient and cost-effective risk management decisions” required by the NIST 800 series of documents.
FAIR offers “a more scientific approach to estimating likelihood and impact of consequences (…) to better prioritize risks and to prepare more accurate risk exposure forecasts.” (NISTIR 8286)
The course features over 2 hours of video content, 20+ content and additional resource documents, a 181-page workbook to accompany the entire course, 18 activities, 4 example analyses, 2 case studies to further your learning, and a Discussion Board where you can interact with other learners and expert facilitators from the RiskLens Academy.