FAIR Institute Blog

Tips to Prepare for the Open FAIR™ Certification Exam

Jan 29, 2020 5:03:53 PM / by Adham Etoom

In March 2019, I passed the ISACA CRISC exam and got certified the next month. The CRISC is a great certificate because it shifts your mindset and helps you to establish standardized information risk management practices.

However, I decided not to stop there, but to further search for holistic and effective standards for cyber risk quantification and through that, I came across Factor Analysis for Information Risk (FAIR™), which I believe is complementary to CRISC.


Adham Etoom is a FAIR Institute member and project manager based in Jordan with expertise in information security program management, IT risk and incident management, satellite systems management and security, holding global certifications in project management, incident handling, and risk management (PMP, GCIH, CRISC, FAIR).


FAIR is the only international standard Value at Risk model for cybersecurity and operational risk. It provides a model for understanding, analyzing and quantifying information risk in financial terms. I started to get obsessed with FAIR after I realized its beauty and importance in risk quantification – it indeed makes sense to me scientifically and practically. So I decided to get certified with such a solid standard and to expand my knowledge into this interesting domain for further opportunities internationally.

Socrates said almost 2,500 years ago, “The beginning of wisdom is the definition of terms.” This quote has stuck in my mind for a long time and I can relate it here to risk taxonomy.

How I Prepared for the Open FAIR Exam

To gain a general understanding, I started by reading the following:

For direct exam preparation, I strongly advise you to go to the Open Group official website and start reading about Open FAIR™ Certification.

I managed my preparation as self-study in the following order:

Free Resources:

Developed my study plan using an Excel sheet to go through all the available resources with reference notes for later review and to track my progress. 

  • Open FAIR Certification Program Summary
  • Certification Policy for Examination-Based Programs
  • FAIR Conformance Requirements
  • c13g Risk Analysis O-RA - The Risk Analysis Standard
  • c13k Risk Taxonomy O-RT - The Risk Taxonomy Standard
  • c103 FAIR - ISO 27K Cookbook
  • The Open FAIR Risk Analysis Tool Beta 90 days (Excel sheet)

Premium Resources:


Editor’s Note:

For a guided learning experience led by instructors and including realistic analysis practice, many organizations choose to educate their teams on FAIR with the RiskLens Academy’s FAIR Analysis Fundamentals course, available online or in classroom settings at the annual FAIR Conference, through the SANS Institute and other venues. Students who complete the course receive a voucher to take the FAIR certification exam for free from the Open Group. Learn more about FAIR Analysis Fundamentals training.


Study Tips for the Open FAIR Exam

Study these very well and focus on understanding and comprehension rather than memorizing everything: 

  • c13g Risk Analysis O-RA
  • c13k Risk Taxonomy O-RT
  • FAIR Model on a Page Infographic (must be memorized and practiced daily)

I went through the official Open FAIR Study Guide and practiced the sample questions at the end of each chapter, and then took the Official Exam Paper – the results were reasonable with medium confidence and I did a knowledge gap analysis. I decided to book the Open FAIR exam, then do the final review and fill the gaps that I had.

NOTE: For me, one of the difficult aspects of the FAIR methodology was terms normalization for all the risk factors. I overcame this by reading each and every definition daily and relating each factor to a practical example in my daily life.

The Exam Experience

The exam itself was like any other exam: If you are well prepared, you are going to clear it by practice and self-confidence. And the journey should not stop here. 

I personally was satisfied with this major milestone in my professional life and that I passed it by self-study. I learned a lot of things that transformed my ability to apply critical thinking to risk, to understand the complex nature of risk and to optimize risk decision making – and most importantly not to be deceived by the subjective nature of any qualitative assessment.

I strongly recommend that you go for the Open FAIR certification program, whether you have little or extensive experience.


Topics: FAIR, Risk Management

Written by Adham Etoom