FAIR Certification UPDATED Actual Exam Questions and CORRECT Answers
0 view 0 purchase
Course
FAIR Certification
Institution
FAIR Certification
FAIR Certification UPDATED Actual
Exam Questions and CORRECT Answers
FAIR - CORRECT ANSWER- Factor Analysis of Information Risk
Open FAIR Program Principles - CORRECT ANSWER- Openness - Program is open to
applicants from all countries.
Fairness - Certification is achieved only by passing an ...
FAIR Certification UPDATED Actual
Exam Questions and CORRECT Answers
FAIR - CORRECT ANSWER- ✔✔Factor Analysis of Information Risk
Open FAIR Program Principles - CORRECT ANSWER- ✔✔Openness - Program is open to
applicants from all countries.
Fairness - Certification is achieved only by passing an examination, like all other students.
Market Relevance - Program is structured to meet the perceived needs of the market
Learning support - Courses are provided by third parties
Quality - Training course providers may choose to seek Open Group accreditation for their
courses.
Best Practice - Program is designed to follow industry best practice for equivalent
certification programs.
Certification Syllabus Overview - CORRECT ANSWER- ✔✔- Basic concepts of risk
analysis
- Risk terminology, including both taxonomy and terms
- Developing and interpreting FAIR risk analysis results
- The process of risk analysis
- The Open Group FAIR Certification Program
FAIR provides a method for understanding, analyzing, and measuring information risk. It
allows organizations to: - CORRECT ANSWER- ✔✔- Speak in one language concerning
their risk
- Consistently study and apply risk analysis principles to any object or asset
- View organizational risk in total
- Challenge and defend risk decisions
Why Open FAIR - CORRECT ANSWER- ✔✔- Emphasis on risk
- Logical and rational framework, provides how and why of risk analysis
- Quantitative, provides a basis for meaningful metrics
,- Flexible
- Rigorous, It improves the ability to defend conclusions and recommendations.
Risk - CORRECT ANSWER- ✔✔A derived value. Risk is defined as the probable frequency
and magnitude of future loss (also known as "loss exposure").
Open FAIR focuses solely on pure risk (only resulting in loss) as opposed to speculative risk
(which might generate either a loss or a profit).
Loss Event Frequency (LEF) - CORRECT ANSWER- ✔✔Is the probable frequency, within a
given time frame, that a threat
agent will inflict harm upon an asset.
In order for a loss event to occur, a threat agent has to act upon an asset, and that asset must
be
vulnerable, such that loss results.
LEF can be expressed as a probability (event X is 10% likely to occur over the next Y) rather
than a distribution/frequency in scenarios where the loss event could only occur once in the
time-frame of interest
Threat Event Frequency (TEF) - CORRECT ANSWER- ✔✔Is the probable frequency, within
a given time frame, that a threat agent will act in a manner that could result in a loss.
TEF can be expressed as a probability rather than distribution/frequency in scenarios where
the treat event could only occur once in the time-frame of interest.
TEF is expressed as a percentile
TEF does not include whether threat agent actions are successful.
Contact Frequency (CF) - CORRECT ANSWER- ✔✔Is the probable frequency, within a
given timeframe, that a threat agent
, will come into contact with an asset.
The data type is an integer.
Types of contact:
Random Contact - the threat agent "stumbles upon" the asset during the course of
unfocused or undirected activity. There is no pattern or consistency
Regular Contact - contact occurs because of the regular actions of the threat agent. Contact
happens on a frequent or often basis
Intentional Contact - the threat agent seeks out specific targets. Contact is based on
intentional actions by the threat.
CF can be expressed as a probability rather than distribution /frequency in scenarios where
the contact could only occur once in the time-frame of interest.
Probability of Action (PoA) - CORRECT ANSWER- ✔✔Is the probability that a threat agent
will act against an asset once contact occurs.
The PoA is expressed as a percentage.
"only applies to threat agents that can think, reason, or otherwise make a decision like
humans or other animals"
Choice of whether to act is driven by three factors:
- The perceived value of the act from the threat agent's perspective
- The perceived level of effort (LoE) and/or cost from the threat agent's perspective
- Risk of detection/consequences. The perceived level of risk to the threat agent
Note: its uncommon to perform an analysis where you have to derive TEF from estimates of
CF and PoA
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller MGRADES. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.49. You're not tied to anything after your purchase.
