FAIR practice makes perfect?
cybersecurity FAIREarly in my FAIR1 journey, i’ve completed the 3 case studies that are part of the FAIR fundamentals course. These were fun and engaging exercises to test the methodology. While understanding theory is important, which the course provides thorough explanations, hitting the case studies really helped ensure proper understanding and applicability of the methodology.
After completing them, i immediatly went on the search for more to which there doesn’t seem to be any. As CRQ2 is gathering some momentum these past few years, i can’t help to wonder why isn’t anyone building some cases to practice on. FairU is a great basic free tool to practice estimates, all is missing really is some practice scenarios for practiioners to use and learn from. If anyone knows of any test cases please share.
Also, suprising to me me the “Measuring and Managing Information Risk: A FAIR Approach” book is completly free to download. The authors are also working at a 2025 revision.