« Return to Blog Listing

What Is FAIR Training?

by Tim Wynkoop on May 3, 2017 10:26:27 AM

FAIR training is a unique opportunity to obtain an in-depth look at how Factor Analysis of Information Risk (FAIR) really works. FAIR is the model that powers the RiskLens platform. It’s a beautifully logical way to understand risk by breaking it down into component parts. This enables organizations to quantify risk, that is, communicate risk in financial terms. We really enjoy spreading the word on the power of FAIR - you might even say we’re on a mission.

FAIR training goes in-depth on how to define what a risk really is. That’s not as easy as it sounds. My colleague Chad Weinman has seen a lot of Top 10 Risks Lists created by companies over the years, lists pulled together by surveying IT staff or other methods. As he wrote in a recent blog post:


“None of those methods I believe could be considered systematic. They lend themselves to subjectivity and ‘perceived’ risk. It is my belief that many items aren't even identified from a true perspective on risk.”

from Perception vs Reality in Identifying Risks


FAIR, on the other hand, is highly systematic, and based on a set of core concepts set out by Jack Jones in the book Measuring and Managing Information Risk: A FAIR Approach. The concepts are shown in this schematic of the FAIR model.

Basic_FAIR_ontology.jpg

FAIR training leads you through the model, teaching each concept in turn, and preparing you to focus your efforts when conducting a risk assessment. You’ll learn mental disciplines such as how to get better risk analysis results by balancing probability vs. possibility. As my colleague Cody Whelan wrote in a blog post:


“It’s an all too common phenomenon to expand the scope of an analysis, to go beyond what is probable, and include everything possible, because more is often associated with better. I hate to break it to you, but this is very often a false equivalency.”

from How to Get Better Risk Analysis Results by Focusing on Probability vs Possibility


We’ve heard skeptics about FAIR say, “You can’t measure that”, or “There is not enough data”.  In fact, FAIR training shows you how to measure pretty much anything, even using the information you probably didn’t realize you already had. 

What does the FAIR training course from RiskLens cover?

The image below outlines what a typical RiskLens Training course includes. 

FAIR Training Course Map.png

To highlight a few of the course subjects:

Introduction

  • The Bald Tire is an exercise to help you critically think about what is and what isn’t a risk.

Core Measurement Concepts

  • Precision vs. Accuracy explains the key difference in these concepts: You can have a high degree of precision yet not be accurate—and vice versa.

Analysis

  • Troubleshooting Analysis: An up close and personal look at the RiskLens platform from how to scope an analysis to how to interpret the results.

Framework

  • Risk Modifiers: Gives the analyst the opportunity to clarify the difference between unstable and fragile risk conditions, which is important if you are planning on taking the Open FAIR Certification exam.   
How to get FAIR training and certification

FAIR is a standard established by The Open Group, a global, not-for-profit consortium that enables the achievement of business objectives through IT standards. RiskLens is officially accredited by The Open Group for providing FAIR training courses.

RiskLens offers FAIR training:
  • Onsite in a live facilitator-led course, typically for corporate groups, covering 20 hours over 2.5 days. Participants are involved in completing 4-8 analyses that apply the concepts learned.
  • Online via self-paced course with self-study material, videos, and exercises, estimated to take 8 hours of participant’s time. A single monthly discussion session with certified FAIR training is facilitated via webinar. Participants complete 1 to 2 analyses.

Risk analysts who complete the training can take a test administered by Pearson VUE in one of their testing centers and achieve Open FAIR Certification.

Additionally, RiskLens offers an onsite pilot engagement, with certified RiskLens consultants leading the organization through an entire real-world analysis over the course of the 4 days engagement. This opportunity demonstrates the RiskLens platform and provides a concrete example of the risk intelligence an organization can gain through FAIR.

Finally, the non-profit FAIR Institute offers ongoing educational programs including:

  • Monthly webinars (workgroups) for FAIR practitioners to sharpen their skills in working groups led by Jack Jones and other risk experts.
  • Local chapters in 8 cities (and growing).
  • The annual FAIR Conference, with a full agenda of speakers, multiple networking opportunities and group training courses.

Related:

How to Get the Most Out of FAIR Training

SIGN-UP FOR FAIR TRAINING TODAY
This post was written by Tim Wynkoop

Tim Wynkoop is a Risk Consultant at RiskLens.

Connect with Tim