Practical Applications of FAIR™ for Cyber Risk Management

Practical Applications of FAIR™ for Cyber Risk Management

本课程是 Cyber Risk Management for Executives 专项课程的一部分

位教师：FAIR Institute

访问权限由 Coursera Learning Team 提供

3个模块

深入了解一个主题并学习基础知识。

中级等级

需要一些相关经验

2 周完成

在 10 小时一周

灵活的计划

自行安排学习进度

3个模块

深入了解一个主题并学习基础知识。

中级等级

需要一些相关经验

2 周完成

在 10 小时一周

灵活的计划

自行安排学习进度

您将获得的技能

要了解的详细信息

可分享的证书

添加到您的领英档案

作业

27 任务¹

AI 评分请参见免责声明

授课语言：英语（English）

了解顶级公司的员工如何掌握热门技能

了解关于 Coursera for Business 的更多信息

Petrobras, TATA, Danone, Capgemini, P&G 和 L'Oreal 的徽标

积累特定领域的专业知识

本课程是 Cyber Risk Management for Executives 专项课程专项课程的一部分

在注册此课程时，您还会同时注册此专项课程。

向行业专家学习新概念
获得对主题或工具的基础理解
通过实践项目培养工作相关技能
获得可共享的职业证书

该课程共有3个模块

This course provides a practical, hands-on approach to applying the Factor Analysis of Information Risk (FAIR) methodology in cyber risk management. Students will learn how to leverage industry research, use FAIR for decision-making, and report on the materiality of cyber incidents using FAIR-MAM (Materiality Assessment Methodology). Through real-world CISO lectures and exercises, participants will gain the skills to quantify and communicate cyber risk effectively in financial terms.

This course is tailored for senior executives and decision-makers overseeing or guiding cyber risk management within their organizations. Ideal participants will have: Leadership and Strategic Oversight: Participants should hold or aspire to hold leadership roles such as Chief Executive Officer (CEO), Chief Information Security Officer (CISO), Chief Risk Officer (CRO), or senior management positions where they are responsible for setting and implementing risk management strategies. Experience with Financial or Business Risk: Executives with experience managing financial risk or business continuity planning will find the course particularly valuable, as it covers the intersection of cyber risk and financial decision-making. Commitment to Continuous Improvement: A mindset geared toward continuous improvement in risk management practices, with a willingness to explore and adopt new methodologies, such as the FAIR model, to enhance their organization's cyber resilience. This course is designed to equip senior leaders with the practical skills and insights necessary to integrate the FAIR model into their organization’s broader risk management strategy, ensuring a more quantitative and business-aligned approach to managing cyber risks.

This module focuses on enhancing cyber risk management practices through industry research, risk quantification using FAIR, and evolving approaches to cyber risk. It covers recent trends, empirical studies, and the application of FAIR to mature security programs. The module explores how quantitative risk analysis can improve decision-making and discusses the evolution of cyber risk management, including the integration of FAIR with frameworks like NIST CSF.

涵盖的内容

10个视频11篇阅读材料10个作业8个讨论话题

10个视频总计45分钟

Introduction to Practical Applications of FAIR™ for CRM 2分钟
CRM Research at MIT Sloan 7分钟
Forrester’s Cyber Risk Management Research 4分钟
Data Integrity 4分钟
Missing GAAP for CRM 6分钟
FAIR Enables Business Decisions 3分钟
Effective Operational Risk Management: Quantifying Risk Reduction and Setting Risk Appetite 8分钟
FAIR Enables Security Programs to Mature 5分钟
FAIR Enables a Proactive Approach to CRM 3分钟
Adopting the FAIR Model 4分钟

11篇阅读材料总计320分钟

Syllabus: Practical Applications of FAIR for Cyber Risk Management 10分钟
4 Areas of Cyber Risk That Boards Need to Address 30分钟
(Optional) Announcing the Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024 10分钟
Navigating the Challenges of CRM with Automation 10分钟
Cyentia IRIS (Information Risk Insights Study) 60分钟
(Optional) Cyentia IRIS Xtreme (Information Risk Insights Study Xtreme) 60分钟
Quantitative Decision Analysis 10分钟
FAIR Risk Analysis Example 30分钟
FAIR-U Tool - Risk Analysis Training Application 60分钟
NIST-CSF 2.0 Takes a Major Step to Acknowledge Cyber Risk as a Business Risk 30分钟
FAIR Risk Management 10分钟

10个作业总计27分钟

Assessment for CRM Research at MIT Sloan 2分钟
Assessment of Forrester’s Cyber Risk Management Research 2分钟
Assessment for Data Integrity 2分钟
Assessment of Missing GAAP for CRM 2分钟
Assessment for FAIR Enables Business Decisions 2分钟
Assessment of Effective Operational Risk Management: Quantifying Risk Reduction and Setting Risk Appetite 2分钟
Assessment for FAIR Enables Security Programs to Mature 2分钟
Assessment of FAIR Enables a Proactive Approach to CRM 2分钟
Assessment of Adopting the FAIR Model 2分钟
Graded Assessment -1 9分钟

8个讨论话题总计50分钟

Introduce Yourself 5分钟
4 Critical Areas Boards Need to Address 10分钟
Automating FAIR 5分钟
Multi-party Incidents 5分钟
Quantitative Decision Analysis 10分钟
Data Gathering 5分钟
NIST-CSF 2.0 + FAIR 5分钟
FAIR Enables Accuracy 5分钟

This module explores how the Factor Analysis of Information Risk (FAIR) framework enhances decision-making processes in cyber risk management. Participants will delve into the complexities of trade-off decisions, learn effective cyber risk quantification techniques, and discover how to optimize decision-making using FAIR. Through a combination of videos, readings, and real-world use cases from various industries, learners will gain practical insights into applying FAIR to improve business objectives and communicate more effectively with executive stakeholders.

涵盖的内容

11个视频6篇阅读材料12个作业1次同伴评审6个讨论话题

11个视频总计57分钟

FAIR’s Primary Purpose 6分钟
Financial Services CRM Trade-offs 4分钟
Healthcare Use Case Example 4分钟
FAIR Helps CISOs Manage Budget 5分钟
Risk Buy-Down with FAIR 5分钟
Cyber Insurance Use Case with FAIR 6分钟
Optimizing Decision-Making with FAIR 5分钟
Mastering FAIR for Global Technology Risk 4分钟
Credit Monitoring Use Case 5分钟
Health Insurance Business Use Case 5分钟
NASA (Mission-focused) FAIR Use Case 6分钟

6篇阅读材料总计87分钟

Managing Cybersecurity Surprises: The Executive’s Perspective 10分钟
Understanding Cyber Risk Quantification: A Buyer’s Guide 15分钟
Putting a Price on Risk | How to Prioritize Your Cybersecurity Budget in 2024 12分钟
Quantifying Risk to Reduce Premiums 30分钟
4 Steps to a Smarter Risk Heat Map 10分钟
Three Types of Risk Skeptics 10分钟

12个作业总计33分钟

Assessment of FAIR'S Primary Purpose 2分钟
Assessment of Financial Service Trade-offs 2分钟
Assessment for Healthcare Use Case Example 2分钟
Assessment of FAIR Helps CISOs Manage Budget 2分钟
Assessment of Risk Buy-Down with FAIR 2分钟
Assessment for Cyber Insurance Use Case with FAIR 2分钟
Assessment for Optimizing Decision Making with FAIR 2分钟
Assessment of Mastering FAIR for Global Technology Risk 2分钟
Assessment of Credit Monitoring Use Case 2分钟
Assessment of Health Insurance Business Use Case 2分钟
Assessment of NASA (Mission-focused) FAIR Use Case 2分钟
Graded Assessment 2 11分钟

1次同伴评审总计30分钟

Peer Review 30分钟

6个讨论话题总计35分钟

Managing Cybersecurity Surprises 5分钟
Cybersecurity Budgets 5分钟
Cyber Insurance Terms 5分钟
Risk Quantification Improves Debates 5分钟
Risk Skeptic 10分钟
Business Value Use Cases 5分钟

This module explores the critical concept of materiality in the context of cyber incidents and its implications for reporting to the Securities and Exchange Commission (SEC). Participants will gain a comprehensive understanding of how to define, assess, and communicate the materiality of cyber events. The module covers the SEC's guidelines, the FAIR-MAM (Factor Analysis of Information Risk - Materiality Assessment Methodology) framework, and practical use cases. Through expert insights, case studies, and interactive discussions, learners will develop the skills necessary to accurately determine the financial impact of cyber incidents and ensure compliance with SEC regulations.

涵盖的内容

10个视频7篇阅读材料5个作业1次同伴评审2个讨论话题

10个视频总计41分钟

SEC Materiality Reporting 3分钟
What is Materiality? 3分钟
HowMaterialIsThatHack.org Overview 3分钟
Cyber-Hack Disclosure 2分钟
Introduction to FAIR-MAM 7分钟
Forrester’s Analysis of FAIR-MAM 5分钟
Safe Security Automates FAIR-MAM 5分钟
The Uber Cyber Breach: CISO’s Personal Liability Story 6分钟
FAIR-MAM Use Case Examples 4分钟
FAIR-MAM Built for SEC Rulings 4分钟

7篇阅读材料总计200分钟

U.S. SEC’s Statement for Reporting Materiality of a Cyber Incident 30分钟
How Material is that Hack 10分钟
Cyber-Hack Disclosure Reference Doc 10分钟
FAIR-MAM Whitepaper 30分钟
Are You Ready to Comply with the SEC “Material’ Cyber Risk Rules 30分钟
CISOs and Personal Liability | How to Not Be Singled Out by the SEC (Optional) 30分钟
(Optional) How to Achieve SEC Compliance with Real-time and Automated FAIR™ Solution 60分钟

5个作业总计12分钟

Assessment of What is Materility 2分钟
Assessment of Cyber-Hack Disclosure 2分钟
Assessment of Forrester's Analysis of FAIR-MAM 2分钟
Assessment of The Uber Cyber Breach: CISO’s Personal Liability StoryUntitled 2分钟
Graded Assessment - 3 4分钟