Virtual Live and Online Courses Before FAIRCON2020

Interested in getting FAIR-certified or expanding your knowledge of FAIR principles? Join us for optional conference add-on courses before FAIRCON2020. This year, we are offering multiple FAIR Training courses in partnership with our Technical Advisor, RiskLens.

We are offering three training courses in multiple ways:

  • Hybrid Courses - online, video course with live office hours by trainers
  • Online Video Based Courses

Both existing FAIR Institute members and non-members who attend FAIRCON2020 are welcome to partake in these optional add-on training courses.

RiskLens® has been delivering risk-focused training for over ten years and our facilitators are among the foremost experts in FAIR and technology risk. We not only cover all relevant and important concepts around risk quantification and the FAIR framework, but also apply that knowledge in classroom-led case study analyses to ensure each participant has practical application experience. Risk analysts who complete the training program will gain a set of analytical skills as well as an improved ability to identify, measure, and communicate risk.

Register for FAIRCON2020 and Training


FAIR Analysis Fundamentals, offered live (virtually) and online, introduces learners to the FAIR quantitative risk analysis model and the foundational concepts involved in FAIR analysis. By the end of this course, learners will be able to apply the FAIR quantitative risk analysis model to accurately model and quantify risk and will be prepared for the OpenFAIR Certification exam. The course includes 16 CPE credits, a voucher covering the cost of the exam, and a study guide that prepares you for the exam. Please note that online course access is valid for 90 days after purchase, with some reasonable extensions happily granted. 
  • Accredited OpenFAIR Level 1 preparation
  • 1,500.00 USD
  • Online course + Office Hours w/ discussion and activities via Zoom. Accredited OpenFAIR Level 1 preparation
  • 1,649.00 USD
  •  1,500.00 USD


Without a properly-scoped risk scenario, FAIR analysis is impossible. In this course, we'll introduce the risk analysis sub-process (a part of the larger Risk Management Process) and thoroughly discuss the first task in that sub-process, properly scoping an analysis. Learners will be able to clearly define the asset, threat, and effect involved in a given scenario and use those elements to craft a clear and succinct scenario statement.

Collecting data and working with subject-matter experts to gather calibrated estimates can be the most difficult part of a FAIR analyst's job. How do you clearly communicate the scenario to your SMEs? How do you get time on their calendars and make sure you're asking them the right questions? In this course, we'll take the analysis from being properly scoped to being ready to calculate. Learners will be able to choose the appropriate FAIR variables to include in their model of the scenario, will understand the importance of writing context-specific questions for each FAIR variable in their model, will be able to explain their analysis and what they need to the SME, and will be able to properly structure and conduct calibrated estimation sessions.

It's essential to perform quality assurance on analysis results, and not to just blindly trust the numbers that come out of the Monte Carlo analysis engine. Executing on a quality assurance checklist will ensure that the results align with the provided estimates and haven't been marred by typos or placement of estimates into the wrong variable in the model. Learners will be able to perform this quality assurance on analysis results as well as on their documented rationale before they proceed to preparing a results presentation.

An analysis isn't very valuable if you can't clearly communicate the results to inform decision-makers. In this course, participants will learn how to interpret and explain Annualized Loss Exposure, how to view breakdowns of forecasted losses by asset, threat, and loss type using the RiskLens software, and how to combine all of the relevant information about the analysis into a brief but effective results presentation. 


The FAIR Analyst Learning Path assumes foundational knowledge of the FAIR model, calibrated estimation, measurement concepts, and other topics from the FAIR Analysis Fundamentals course. It is only recommended for participants who have already completed that course, either online or in-person, or who have extensively studied FAIR via other means.


Deep Dives into:

  • Scoping
  • Collecting Data and Estimates
  • Running Analysis and Validating Results
  • Presenting Results
  • Online course + Office Hours w/ discussion and activities via Zoom
  • 1,649.00 USD
Public sector information security and risk management professionals make mission-critical tactical and strategic decisions every day. FISMA, EO 13800, NIST CSF, NIST 800-37, 800-39, and many other standards and frameworks direct agencies to make those decisions in a cost-effective way based on an understanding of the probability/likelihood and impact/magnitude of harm.
So, how are agencies to do that? Does it look like 1-5 rating scales or red/yellow/green heat maps? Is that the best way to cost-effectively manage our limited resources in light of the risks we face? And just what is “risk,” anyway? Different standards provide different definitions, models, calculations, and frameworks — there has to be a better way. Exactly how to meet these requirements is largely left up to the various agencies and auditing authorities are mainly concerned that the work gets done, not how it gets done.
 The Factor Analysis of Information Risk (FAIR) model and methods are recognized as an Informative Reference to the NIST CSF, aligned to ISO 31000 and other standards, and backed by a worldwide network of risk researchers, managers, and analysts in the FAIR Institute. FAIR helps provide clarity on the risks you face so you can most cost-effectively manage them. Risk analysts and managers in government and some of the world’s most successful companies are applying FAIR to:
  • Assess cyber and operational risk in financial and probabilistic terms
  • Prioritize remediation efforts based on business impact
  • Justify security investments and demonstrate ROI 
  • Communicate with their peers and leaders about loss scenarios and their associated risk directly and effectively 
In this course you’ll learn the basics of quantitative risk analysis with FAIR. You’ll see what’s possible when you’re equipped with a logical, repeatable, defensible model for analyzing risk in financial and probabilistic terms. High/medium/low or 1-5 ratings and subjective heat maps aren’t sufficient to inform the “efficient and cost-effective risk management decisions” required by the NIST 800 series of documents. FAIR offers “a more scientific approach to estimating likelihood and impact of consequences (…) to better prioritize risks and to prepare more accurate risk exposure forecasts.” (NISTIR 8286) Join us for a comprehensive course led by experienced risk professionals featuring case studies and example analyses directly relevant to the public sector.



Training Courses range in price based on delivery method and ranging between $1,500 and $1,950.


This optional course will appear as an additional ticket option. If you wish to purchase a seat in the training course, please select the quantity (1) in addition to your required conference registration.


Register for FAIRCON2020 and Training



RiskLens® is the premier provider of cyber risk management software and empowers large enterprises and government organizations to manage cyber risk from the business perspective by quantifying it in dollars and cents. RiskLens serves as FAIR Institute’s sponsor and technical advisor where it is led by FAIR-certified experts.

Our customers leverage RiskLens to understand their cyber risk exposure in financial terms, prioritize their risk mitigations, measure the ROI of their security investments, and optimize their cyber insurance coverage. RiskLens is the only cyber risk management software purpose-built on FAIR, the only international standard Value at Risk (VaR) model for cyber security and operational risk.

For more information visit the RiskLens® website at