FAIR Training

What is the FAIR model?

The FAIR model introduces a unique method of risk management. Training in the FAIR Institute can transform the vague, obscure world of traditional risk management into a business-aligned, well-governed risk strategy that is completely based on quantitative analysis. 

To accurately measure business risks, a standard low-medium-high score does not cut to the bone of a complex risk management strategy. A quantitative measure of risk that puts dollar signs into the equation of risk and mitigation strategies is quickly emerging as a promising concept in risk management. The FAIR methodology was developed to reform traditional risk measurements. It considers risk components, assesses how each factor interacts and impacts the other, and assigns a monetary value to measure each segment in financial terms. Indeed, FAIR is the only global international standard Value at Risk (VaR) model for business risk.

FAIR Training

FAIR Institute Training

In the courses offered by the FAIR Institute, attention is focused on the risk analysis sub-process, providing learners with the concrete skills needed to complete a quantitative analysis, including properly scoping the scenario, collecting data, estimating monetary values of the relevant factors, conducting quality assurance on the results, and presenting the results to decision-makers.

Upon completion, graduates will have developed the skills and resources necessary to measure the risk associated with scenarios of all types. This empowers them to fundamentally change the way risk management is conducted in their respective organizations and make a considerable contribution to the protection of their company’s value.

In the course, the drawbacks of conventional, qualitative risk management techniques are presented. Key quantifying measurement concepts and calibrated estimation methods necessary to conduct quantitative risk analysis are taught and practiced. The course curriculum is further expanded by hands-on practice on real-life use cases.

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days

Learn more about FAIR Training

3 FAIR Training Tracks

FAIR Institute offers 3 courses that offer an in-depth understanding of how Factor Analysis of Information Risk (FAIR) works. Based on the FAIR system model, the risk training course delves into the true meaning of enterprise risks on 3 levels:

FAIR Analysis Fundamentals

This tier introduces learners to the basic FAIR quantitative risk analysis model and the foundational concepts involved in the FAIR analysis. Upon completion, graduates will be able to apply the FAIR  quantitative risk analysis model to accurately model and quantify risk and will be well-equipped for the Open FAIR Certification exam. 

The FAIR Analyst Learning Path

The second tier is more advanced and is intended for participants who already have had experience with the FAIR quantitative risk analysis model. This series of courses goes in-depth on how to scope analyses, collect data and estimates, run analyses, perform quality assurance, and present results. 

FAIR Analysis Fundamentals for US Government

The course is fully customized for government institutions with special attention to compliance with NIST standards and other regulatory requirements and use cases. 

FAIR Certification

FAIR certification is available to individuals who demonstrate their knowledge and understanding of the body of knowledge for The Open Group FAIR Certification Program.

Questions Answered with FAIR Training:

Risk assessment has been long assumed to be an obscure, non substantial assessment. With FAIR training, however, the following questions have factual, data-driven answers:

  • Is reducing a high risk to a medium risk worth the cost of the mitigation strategy? 
  • Which risk scenario should we seek to mitigate?
  • Which remediation plan will reduce risk most cost-effectively?

Additional Training Opportunities

In addition to the certified courses, the FAIR Institute offers ongoing educational training programs, including:

  • Monthly webinars for FAIR users to enrich their skillsets led by Jack Jones and other risk experts
  • Local chapters in locations spread throughout the US and a few international cities
  • The FairCon Conference brings together leaders in information security and operational and cyber risk management for excellent networking opportunities. With a full agenda of world-class expert speakers, the conference is a great way to explore best FAIR practices that produce greater value and alignment with business goals.
  • Annual conferences such as the RSA conference and ISACA’s Virtual Summit feature keynote speakers from the FAIR Institute.

Continuous education is very important. After the course is completed, participants should really “dive in” and solidify their improved risk analysis skills and capabilities. Otherwise, knowledge can slowly “evaporate” over time.

Centraleyes Risk Quantification

The FAIR Institute created a breakthrough concept in the management of information security and operational risk. 

Question: How do you leverage this great model to manage risk quantitatively?

Answer: Centraleyes’ risk management platform enables risk-based business strategy using the FAIR model to quantify risk.

Schedule a Demo to see how our risk quantification calculator works.

Start Getting Value With
Centraleyes for Free

See for yourself how the Centraleyes platform exceeds anything an old GRC
system does and eliminates the need for manual processes and spreadsheets
to give you immediate value and run a full risk assessment in less than 30 days

Want to talk to Centraleyes about FAIR Training?

Related Content

Authorization to Operate (ATO)

Authorization to Operate (ATO)

What is an ATO? An ATO is a hallmark of approval that endorses an information system…


What is StateRAMP? In 2011, the Federal Risk and Authorization Management Program (FedRAMP) laid the groundwork…
Segregation of Duties

Segregation of Duties

What is the Segregation of Duties? Segregation of duties (SoD) is like a game of checks…
Skip to content