Upcoming webinars: Join Us June 4th and June 13th to learn more about CRQ and the C-Risk training offer! Register now

About Open FAIR Certification

The Open FAIR™ Certification for People Program is aimed at meeting the needs of risk analysts and organizations employing risk analysts.

Melissa Parsons

An article from

Melissa Parsons
Technical Writer
Published
August 22, 2022
Updated
October 17, 2023
Reading time
minutes
Fair standard cyber security

Description

The Open FAIR™ Certification for People program is based upon Factor Analysis of Information Risk (FAIR), an open and independent information risk analysis methodology. FAIR provides a model for understanding, analyzing, and measuring information risk. The Open Group has published two standards based upon FAIR, which together constitute the Open FAIR Body of Knowledge:

  • Risk Taxonomy Technical Standard (O-RT). This standard defines a standard taxonomy of terms, definitions, and relationships used in risk analysis.
  • Risk Analysis Technical Standard (O-RA). This standard describes process aspects associated with performing effective risk analysis.

Transform how you model, measure, and manage cyber risk.

Our FAIR-certified experts will help you prioritize your IT security investments, improve governance and increase your organization's cyber resilience with our risk-based CRQ Solutions.

The Open FAIR Certification Program provides certification for people and accreditation of training courses:

  • Open FAIR Certification for People is a market-driven education and certification program that ensures individuals have knowledge and understanding of the Open FAIR Body of Knowledge.
  • Open FAIR Training Course Accreditation provides an assurance mark for training courses and requires an assessment of the course as well as the personnel and organization. In addition, all accredited training courses include the examination in their course fee.

FAQ : Cartographie des risques

Qu’est-ce qu’une cartographie des risques ?

La cartographie des risques, ou risk mapping, est un outil de gestion des risques qui se présente sous la forme d’un tableau. Les risques y sont classés selon leur probabilité et leur impact, du plus faible au plus grave.

Comment réaliser une cartographie des risques ?

Le risk mapping suit généralement une méthode en 4 étapes : identification des activités phares de la structure, recensement des risques qui la menacent, évaluation de leur probabilité et de leur impact, élaboration des mesures de détection et de protection. Cette démarche varie cependant selon différentes écoles théoriques.

Pourquoi faire une cartographie des risques ?

Le risk mapping permet d’identifier les situations problématiques pour l’activité, voire pour la survie de l'entreprise. C’est un graphique lisible simplement, qui aide à prendre des décisions pertinentes en termes de gestion du risque.

In this article
Cyber Risk Quantification for better decision-making

We build scalable solutions to quantify cyber risk in financial terms so organizations can make informed decisions to improve governance and resilience.

Related articles

Read more on cyber risk, ransomware attacks, regulatory compliance and cybersecurity.