Training launch

C-Risk has developed a series of training courses on financial quantification of IT risks. The curriculum covers the OpenGroup FAIR™ standard (Factor Analysis of Information Risk), and the tools used to quantify probabilities of outcomes.

Christophe Forêt

An article from

Christophe Forêt
President and co-founder of C-Risk
October 22, 2020
October 26, 2020
Reading time
CRQ training

Our training courses:

The training program is comprised of two levels, both available in English and French:

CRQ-01 : Introduction to Cyber Risk Financial Quantification (CRQ) using the FAIR™ standard.

This 4-hour training course includes FAIR concepts, taxonomy and the associated model (ontology). It also covers the FAIR quantification methodology through the demonstration of a use-case.

CRQ-02 : Performing Cyber Risk Financial Quantification and preparing for FAIR™ Certification.

This 2-day training course covers in details:

  • The FAIR taxonomy and the associated model (ontology) including the estimation, statistical and probabilistic techniques that underpin it.
  • The FAIR quantification methodology using a hands-on approach and a number of examples.
  • Students are prepared for the optional OpenFair certification exam.

Schedule a call with a C-Risk training expert

CRQ training will provide you with the tools and processes to analyze cyber risk differently. Learn how quantification can improve your infosec budget decisions and communication with critical stakeholders.

About C-Risk

C-Risk is the European leader of cyber risk quantification services using the FAIR™ standard. Headquartered in Paris, C-Risk provides training, consulting services and software tools. Our teams help large and mid-sized organisations to quantify their cyber risk in financial terms. We enable better decisions in security investments, cyber insurance coverage and improved regulatory compliance.

Find out more at

About the FAIR™ standard

The Factor Analysis of Information Risk Standard (FAIR™ ) is the only international standard for the quantification of cyber and operational risk in financial terms. The Paris chapter of the FAIR Institute is sponsored and managed by C-Risk.

Find out more at


What does HAZOP mean?

HAZOP stands for HAZard and OPerability study, it is a technique for risk management and system examination.

How to carry out a HAZOP study?

HAZOP is a succession of precise steps based on the identification of systems and subsystems (“nodes”, “lines”). It consists in varying certain keywords related to the functioning of the systems to observe their impact on the actual operating processes. These variations of keywords cause “drifts'' and therefore risks, the likelihood of which must be examined. ons de mots clés provoquent des “dérives” et donc des risques, dont il faut examiner la crédibilité.

Where does HAZOP come from?

HAZOP is an invention of Imperial Chemical Industries, one of the world's largest chemical industries. Its creation dates back to 1965, when the method was created to help optimise the safety of the company’s facilities.

In this article
Cyber Risk Quantification for better decision-making

We build scalable solutions to quantify cyber risk in financial terms so organizations can make informed decisions to improve governance and resilience.

Related articles

Read more on cyber risk, ransomware attacks, regulatory compliance and cybersecurity.