hero 12


The Risk Analysis Training Application
based on FAIR

The FAIR Institute is proud to offer FAIR-U, our officially sanctioned training web application for running FAIR analyses, guaranteed to correctly leverage the FAIR™ quantitative risk analysis model.If you’ve been looking for an easy way to put into practice the concepts you learned in a University course, in the FAIR Book, in FAIR Training, or to test risk quantification before considering a commercial enterprise-level solution, FAIR-U is for you.

The tool is offered free of charge by Safe Security, Technical Advisor to the FAIR Institute.

Create your own FAIR-U account
Frame 535

Test Your FAIR Knowledge and Conduct Your First FAIR Risk Analysis


FAIR-U allows you to:

  • Perform single FAIR-based risk analyses
  • Learn about the FAIR™ quantitative risk analysis model and the different data inputs
  • Take advantage of embedded Monte Carlo simulations for your quantitative risk analysis
  • Communicate about risk in financial terms
  • Apply the knowledge acquired with the a FAIR Training Course and prepare for FAIR Certification
  • Integrate with the FAIR University Curriculum, to get students hands-on experience in risk analysis

Create Your Own FAIR-U Account

Single risk analysis - Native FAIR yes yes yes
Single risk analysis - Guided no no yes
Aggregated (multi-scenario) risk analyses no no yes
Continuous, real-time risk analysis no no yes
Trending over time no no yes
Embedded reporting no no yes
Guaranteed conformity to FAIR no yes yes
Risk scenario scoping via programming yes yes
Guided scoping no no yes
Automated scoping no no yes
Automated controls analytics no no yes
Mapping of controls findings to threats with MITRE ATT&CK no no yes
Supports Calibrated Estimations via programming yes yes
Embedded Monte Carlo simulations via programming yes yes
Data rationale collection via programming yes yes
Guided data collection workflow no no yes
APIs to 3rd party security products no no yes
Data Management no no yes
Loss Model according to FAIR-MAM no no yes
Industry Benchmark Data no no yes
What-If Risk Treatment Analysis no no yes
Return on Security Investment no no yes
Asset Integration no no yes
Controls Library no no yes
Data import & export APIs no no yes
GRC Integration no no yes
SaaS no yes yes
Enterprise-ready Security * no no yes

* FIPS 140-2 Certified Encryption; Single Sign-On (SSO); Detailed Logging and Reporting; Role Based Access Controls; Secure Hosting Environment; SOC 2 Type 2, SOC 3, Regular Penetration Testing, Availability SLA