FAIR Instructor Training Program

Training Overview Prerequisites: Attendees must have completed Basic FAIR Analyst training. Duration: The training course spans approximately twenty hours.

Course Description This course is designed to provide individuals with the skills necessary to teach the basic and advanced FAIR classes.  It includes a review of concepts and practical experience necessary to competently perform complex and difficult risk analyses, analyze the effect of controls within a risk scenario, as well as evaluating and gaining risk landscape visibility.

Course Curriculum

• Review & How to Teach the FAIR Basic Analyst Class
• Risk concepts and terminology
• The FAIR taxonomy
• How to evaluate risk scenarios using FAIR
• Which data are required to perform risk analyses
• Where to find the data you never knew you had
• How to generate defensible quantitative estimates
• The principles of calibration
• Review & How to Teach Advanced FAIR Analysis
• Review of the basics
• Object modeling
• Object modeling terms and concepts
• Multi-layered analyses using object modeling
• Practical application
• Controls analysis
• Controls overview
• Object-level controls taxonomy
• Control relationships
• Determining the role and estimated effectiveness of object-level controls
• Practical application
• Defense-in-depth
• Variance management controls
• Estimating the effectiveness of variance management controls
• Practical application
• Cost/benefit analysis
• Difficult scenarios
• What to do when the asset isn’t obvious
• Deeper analysis of the threat community
• Non-infosec scenarios
• Visibility analysis
• Overview
• Scoping the landscape
• Establishing initial visibility
• Identifying visibility improvement opportunities

Training Deliverables Documentation: We will provide instructors with documentation for teaching the Basic & Advanced training courses. Included in the documentation will be copies of the presentations and references.

Customer On-Site Training Environment Requirements Customer will want to ensure that it has identified the proper participants who have completed basic FAIR training and with (at least):

• Responsibilities for, or a background in, the technical, process, audit, or management role(s) for Information Security or other relevant risk disciplines.
• If training is to be provided at customer facilities, that it has provided classroom space (preferably with a whiteboard) and projectors for training presentations.

Instructor Certification Process

There are cour conditions required in order to train:

1) Hold a Basic FAIR Instructor Certification

2) Hold a current Advanced FAIR Analyst Certification

3) Complete FAIRiq Application Training

4) Maintain a license to train

Requirements for New Instructor Certification:

• Minimum of 6-months of experience applying FAIR to risk issues in the work environment
• Analysis documentation is subject to review
• Thorough understanding of basic FAIR concepts and application as determined through oral interviews with instructor and trainer

Requirements for Continued Instructor Certification:

• Teach a minimum of 1 course per year (minimum of 6 students)
• Average student feedback rating of at least 3 on a scale of 1 to 4
• Minimum 90% pass rate on students taking the certification exam. Note that at least half of the personnel being trained will have to take the certification exam.
• Instructor Refresher Course completion every two years
• Note that the license to train does not include a license to certify. CXOWARE has exclusive rights to certify FAIR-trained analysts
• Advanced FAIR Instructor Licensing is renewed on a yearly basis

Student Fees for training provided by FAIR Advanced Certified Instructors:

• Registration fee per student covers administration, certification exam, certificate, etc.). Note that all students must be registered regardless of whether they take the exam or not.
• Class sizes must not exceed 12 students
• Up-to-date training materials (slides, etc.) will be provided by certified instructor

FAIRiq Application Training <<