Practical Applications of FAIR™ for Cyber Risk Management

Practical Applications of FAIR™ for Cyber Risk Management

This course is part of Cyber Risk Management for Executives Specialization

Instructors: FAIR Institute

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

27 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Build your subject-matter expertise

This course is part of the Cyber Risk Management for Executives Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV

Share it on social media and in your performance review

There are 3 modules in this course

This course provides a practical, hands-on approach to applying the Factor Analysis of Information Risk (FAIR) methodology in cyber risk management. Students will learn how to leverage industry research, use FAIR for decision-making, and report on the materiality of cyber incidents using FAIR-MAM (Materiality Assessment Methodology). Through real-world CISO lectures and exercises, participants will gain the skills to quantify and communicate cyber risk effectively in financial terms.

This course is tailored for senior executives and decision-makers overseeing or guiding cyber risk management within their organizations. Ideal participants will have: Leadership and Strategic Oversight: Participants should hold or aspire to hold leadership roles such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Risk Officer (CRO), or senior management positions where they are responsible for setting and implementing risk management strategies. Experience with Financial or Business Risk: Executives with experience managing financial risk or business continuity planning will find the course particularly valuable, as it covers the intersection of cyber risk and financial decision-making. Commitment to Continuous Improvement: A mindset geared toward continuous improvement in risk management practices, with a willingness to explore and adopt new methodologies, such as the FAIR model, to enhance their organization's cyber resilience. This course is designed to equip senior leaders with the practical skills and insights necessary to integrate the FAIR model into their organization’s broader risk management strategy, ensuring a more quantitative and business-aligned approach to managing cyber risks.

This module focuses on enhancing cyber risk management practices through industry research, risk quantification using FAIR, and evolving approaches to cyber risk. It covers recent trends, empirical studies, and the application of FAIR to mature security programs. The module explores how quantitative risk analysis can improve decision-making and discusses the evolution of cyber risk management, including the integration of FAIR with frameworks like NIST CSF.

What's included

10 videos11 readings10 assignments8 discussion prompts

10 videosTotal 45 minutes

Introduction to Practical Applications of FAIR™ for CRM1 minutePreview module
CRM Research at MIT Sloan6 minutes
Forrester’s Cyber Risk Management Research4 minutes
Data Integrity 4 minutes
Missing GAAP for CRM5 minutes
FAIR Enables Business Decisions3 minutes
Effective Operational Risk Management: Quantifying Risk Reduction and Setting Risk Appetite7 minutes
FAIR Enables Security Programs to Mature4 minutes
FAIR Enables a Proactive Approach to CRM3 minutes
Adopting the FAIR Model3 minutes

11 readingsTotal 320 minutes

Syllabus: Practical Applications of FAIR for Cyber Risk Management10 minutes
4 Areas of Cyber Risk That Boards Need to Address30 minutes
(Optional) Announcing the Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024 10 minutes
Navigating the Challenges of CRM with Automation10 minutes
Cyentia IRIS (Information Risk Insights Study) 60 minutes
(Optional) Cyentia IRIS Xtreme (Information Risk Insights Study Xtreme)60 minutes
Quantitative Decision Analysis10 minutes
FAIR Risk Analysis Example30 minutes
FAIR-U Tool - Risk Analysis Training Application60 minutes
NIST-CSF 2.0 Takes a Major Step to Acknowledge Cyber Risk as a Business Risk30 minutes
FAIR Risk Management10 minutes

10 assignmentsTotal 27 minutes

Graded Assessment -19 minutes
Assessment for CRM Research at MIT Sloan2 minutes
Assessment of Forrester’s Cyber Risk Management Research2 minutes
Assessment for Data Integrity2 minutes
Assessment of Missing GAAP for CRM2 minutes
Assessment for FAIR Enables Business Decisions2 minutes
Assessment of Effective Operational Risk Management: Quantifying Risk Reduction and Setting Risk Appetite2 minutes
Assessment for FAIR Enables Security Programs to Mature2 minutes
Assessment of FAIR Enables a Proactive Approach to CRM2 minutes
Assessment of Adopting the FAIR Model2 minutes

8 discussion promptsTotal 50 minutes

Introduce Yourself5 minutes
4 Critical Areas Boards Need to Address10 minutes
Automating FAIR5 minutes
Multi-party Incidents5 minutes
Quantitative Decision Analysis10 minutes
Data Gathering5 minutes
NIST-CSF 2.0 + FAIR5 minutes
FAIR Enables Accuracy5 minutes

This module explores how the Factor Analysis of Information Risk (FAIR) framework enhances decision-making processes in cyber risk management. Participants will delve into the complexities of trade-off decisions, learn effective cyber risk quantification techniques, and discover how to optimize decision-making using FAIR. Through a combination of videos, readings, and real-world use cases from various industries, learners will gain practical insights into applying FAIR to improve business objectives and communicate more effectively with executive stakeholders.

What's included

11 videos6 readings12 assignments1 peer review6 discussion prompts

11 videosTotal 56 minutes

FAIR’s Primary Purpose6 minutesPreview module
Financial Services CRM Trade-offs 4 minutes
Healthcare Use Case Example4 minutes
FAIR Helps CISOs Manage Budget 4 minutes
Risk Buy-Down with FAIR5 minutes
Cyber Insurance Use Case with FAIR6 minutes
Optimizing Decision-Making with FAIR5 minutes
Mastering FAIR for Global Technology Risk4 minutes
Credit Monitoring Use Case4 minutes
Health Insurance Business Use Case5 minutes
NASA (Mission-focused) FAIR Use Case6 minutes

6 readingsTotal 87 minutes

Managing Cybersecurity Surprises: The Executive’s Perspective10 minutes
Understanding Cyber Risk Quantification: A Buyer’s Guide15 minutes
Putting a Price on Risk | How to Prioritize Your Cybersecurity Budget in 202412 minutes
Quantifying Risk to Reduce Premiums30 minutes
4 Steps to a Smarter Risk Heat Map10 minutes
Three Types of Risk Skeptics10 minutes

12 assignmentsTotal 33 minutes

Graded Assessment 211 minutes
Assessment of FAIR'S Primary Purpose2 minutes
Assessment of Financial Service Trade-offs2 minutes
Assessment for Healthcare Use Case Example2 minutes
Assessment of FAIR Helps CISOs Manage Budget2 minutes
Assessment of Risk Buy-Down with FAIR2 minutes
Assessment for Cyber Insurance Use Case with FAIR2 minutes
Assessment for Optimizing Decision Making with FAIR2 minutes
Assessment of Mastering FAIR for Global Technology Risk2 minutes
Assessment of Credit Monitoring Use Case2 minutes
Assessment of Health Insurance Business Use Case2 minutes
Assessment of NASA (Mission-focused) FAIR Use Case2 minutes

1 peer reviewTotal 30 minutes

Peer Review30 minutes

6 discussion promptsTotal 35 minutes

Managing Cybersecurity Surprises5 minutes
Cybersecurity Budgets5 minutes
Cyber Insurance Terms5 minutes
Risk Quantification Improves Debates5 minutes
Risk Skeptic10 minutes
Business Value Use Cases5 minutes

This module explores the critical concept of materiality in the context of cyber incidents and its implications for reporting to the Securities and Exchange Commission (SEC). Participants will gain a comprehensive understanding of how to define, assess, and communicate the materiality of cyber events. The module covers the SEC's guidelines, the FAIR-MAM (Factor Analysis of Information Risk - Materiality Assessment Methodology) framework, and practical use cases. Through expert insights, case studies, and interactive discussions, learners will develop the skills necessary to accurately determine the financial impact of cyber incidents and ensure compliance with SEC regulations.

What's included

10 videos7 readings5 assignments1 peer review2 discussion prompts

10 videosTotal 40 minutes

SEC Materiality Reporting2 minutesPreview module
What is Materiality?3 minutes
HowMaterialIsThatHack.org Overview2 minutes
Cyber-Hack Disclosure1 minute
Introduction to FAIR-MAM6 minutes
Forrester’s Analysis of FAIR-MAM4 minutes
Safe Security Automates FAIR-MAM5 minutes
The Uber Cyber Breach: CISO’s Personal Liability Story6 minutes
FAIR-MAM Use Case Examples4 minutes
FAIR-MAM Built for SEC Rulings4 minutes

7 readingsTotal 200 minutes

U.S. SEC’s Statement for Reporting Materiality of a Cyber Incident30 minutes
How Material is that Hack10 minutes
Cyber-Hack Disclosure Reference Doc10 minutes
FAIR-MAM Whitepaper30 minutes
Are You Ready to Comply with the SEC “Material’ Cyber Risk Rules30 minutes
CISOs and Personal Liability | How to Not Be Singled Out by the SEC (Optional)30 minutes
(Optional) How to Achieve SEC Compliance with Real-time and Automated FAIR™ Solution60 minutes

5 assignmentsTotal 12 minutes

Graded Assessment - 34 minutes
Assessment of What is Materility2 minutes
Assessment of Cyber-Hack Disclosure2 minutes
Assessment of Forrester's Analysis of FAIR-MAM2 minutes
Assessment of The Uber Cyber Breach: CISO’s Personal Liability StoryUntitled2 minutes