Open Group OGOF-101 Certification Exam Syllabus

OGOF-101 dumps PDF, Open Group OGOF-101 Braindumps, free Open FAIR 2 Foundation dumps, Open FAIR 2 Foundation dumps free downloadTo achieve the professional designation of The Open Group Open FAIR 2 Foundation from the Open Group, candidates must clear the OGOF-101 Exam with the minimum cut-off score. For those who wish to pass the Open Group Open FAIR 2 Foundation certification exam with good percentage, please take a look at the following reference document detailing what should be included in Open Group Open FAIR 2 Foundation Exam preparation.

The Open Group OGOF-101 Exam Summary, TOGAF Body of Knowledge (BOK), Sample Question Bank and Practice Exam provide the basis for the real The Open Group Certified Open FAIR 2 Foundation exam. We have designed these resources to help you get ready to take The Open Group Open FAIR 2 Foundation (OGOF-101) exam. If you have made the decision to become a certified professional, we suggest you take authorized training and prepare with our online premium Open Group Open FAIR 2 Foundation Practice Exam to achieve the best result.

Open Group OGOF-101 Exam Summary:

Exam Name The Open Group Open FAIR 2 Foundation
Exam Code OGOF-101
Exam Fee USD $395
Exam Duration 60 Minutes
Number of Questions 40
Passing Score 60%
Format Multiple Choice Questions
Schedule Exam Pearson VUE
Sample Questions Open Group Open FAIR 2 Foundation Exam Sample Questions and Answers
Practice Exam The Open Group Certified Open FAIR 2 Foundation Practice Test

Open Group Open FAIR 2 Foundation Syllabus Topics:

Topic Details
Open FAIR Body of Knowledge Overview The Candidate is able to …
- Describe the purpose of the Risk Analysis (O-RA) Standard.
- Describe the purpose of the Risk Taxonomy (O-RT) Standard.
Terminology The Candidate is able to …
- Define Open FAIR terms:
  • Action
  • Asset
  • Contact Event
  • Contact Frequency (CF)
  • Control
  • FAIR
  • Loss Event
  • Loss Event Frequency (LEF)
  • Loss Flow
  • Loss Magnitude (LM)
  • Loss Scenario
  • Primary Stakeholder
  • Probability of Action (PoA)
  • Resistance Strength (RS)
  • Risk
  • Risk Analysis
  • Risk Assessment
  • Risk Factors
  • Risk Management
  • Secondary Stakeholder
  • Threat
  • Threat Agent
  • Threat Capability (TCap)
  • Threat Community
  • Threat Event
  • Threat Event Frequency (TEF)
  • Vulnerability (Vuln)
Basic Risk Concepts The Candidate is able to …
- Briefly explain each of the five (5) components of risk assessment approaches:
  • Identify and characterize assets, threats, controls, etc.
  • Understand organizational context for analysis
  • Measurement and/or estimation of risk factors
  • Calculation of risk
  • Communication of results
- Describe “scoping” an analysis. 
- Explain the limitations of risk-related data.
- Differentiate between risk management and risk assessment.
- Differentiate between risk assessment and risk analysis.
- Explain the importance of a tightly defined taxonomy.
- Identify and order the components of the “risk management stack”.
Risk Taxonomy The Candidate is able to …
- Explain risk, how it is measured, and from which perspective.
- Identify the elements of the Open FAIR risk taxonomy.
- Describe the distribution of Open FAIR risk factors.
- Explain estimating risk:
  • Risk as resulting in loss
  • Estimation versus prediction
  • Accuracy of risk measurements
  • Probability versus possibility
  • Risk analyses as estimates based on available information
- Explain Loss Event Frequency (LEF):
  • Driving factors
  • Unit of measure
  • LEF for an event occurring once
  • Examples
- Explain Threat Event Frequency (TEF):
  • Difference between LEF and TEF
  • Driving factors
  • Types of Threat Events
  • Malicious versus non-malicious
  • Examples
  • Unit of measure
- Explain Contact Frequency (CF):
  • Difference between TEF and CF
  • Unit of measure
  • Examples
  • Types of contact:
    - Random contact
    - Regular contact
    - Intentional contact
  • Examples of types of contact
- Explain Probability of Action (PoA):
  • Three (3) factors that affect PoA:
    - Perceived value to Threat Agent
    - Perceived level of effort to Threat Agent
    - Perceived risk of detection/capture to Threat Agent
  • Unit of measure
- Explain Vulnerability (Vuln):
  • Driving factors
  • Estimating Vuln using TEF and LEF
  • Estimating Vuln using TCap and RS
  • Relative to type of force and threat vector used
- Explain Threat Capability (TCap):
  • Factors that embody TCap:
    - Time
    - Resources
    - Technological capability
  • Unit of measure
- Explain Resistance Strength (RS):
  • RS as relative to probable level of force
  • Unit of measure
- Explain Loss Magnitude (LM):
  • Unit of measure
  • LM as distribution of losses
  • Perspective from which LM is evaluated

- Explain the six (6) forms of loss and give an example of each:

  • Productivity loss:
    - Types of productivity loss
    - Lost revenue versus delayed revenue
  • Response loss
  • Replacement cost
  • Fines and judgments loss
  • Competitive advantage loss
  • Reputation loss

- Explain Primary Loss:

  • Owner
  • Forms of loss

- Explain Secondary Loss:

  • Secondary Loss as predicated upon a Primary Loss
  • Secondary stakeholders as “Secondary Threat Agents”
  • Forms of loss
  • Unit of measure used for Secondary Loss Event Frequency (SLEF)
  • Unit of measure used for Secondary Loss Magnitude (SLM)

- Explain Loss Factors:

  • Impact of Loss Factors on LM
  • Two (2) categories of Loss Factor:
    - Primary Loss Factors
    - Secondary Loss Factors
  • Four (4) Loss Factors:
    - Asset Loss Factors
    - Threat Loss Factors
    - Organizational Loss Factors
    - External Loss Factors

- Explain the two (2) Asset Loss Factors and their subcomponents:

  • Value/liability:
    - Criticality
    - Cost
    - Sensitivity
    Embarrassment/ reputation
    Competitive advantage
    Legal/regulatory
    - General
  • Volume

- Explain the three (3) Threat Loss Factors and their subcomponents.

  • Action:
    - Types of Action:
    1. Access:
    Example
    Correlation to
    Confidentiality breach
    2. Misuse:
    Example
    Correlation to
    Confidentiality breach
    3. Disclose:
    Example
    Correlation to
    Confidentiality breach
    4. Modify:
    Example
    Correlation to Integrity breach
    5. Deny access:
    Example
    Correlation to Availability breach
    - Action and relation to assigned mission of Threat Agent
  • Competence
  • Internal/external Threat Agent
  • Difference between TCap and Threat Competence

- Explain the four (4) Organizational Loss Factors and their subcomponents:

  • Timing
  • Reasonable care
  • Response:
    - Containment
    - Remediation
    - Recovery
  • Detection:
    - “Undetected Loss Events” as Threat Events until detected

- Explain the five (5) External Loss Factors:

  • External party detection
  • Legal and regulatory
  • Competitors
  • Media
  • Secondary stakeholders
Risk Measurement
The Candidate is able to …
- Explain that risk models are estimates based on available information and inaccurate models.
- Explain Accuracy, Precision, Subjectivity, and Objectivity and the differences between:
  • Accuracy and Precision
  • Subjectivity and Objectivity

- Explain Estimating:

  • Three (3) estimate elements
  • Three (3) estimate parameters
  • Accuracy and precision
  • Most likely value in a distribution
  • Specifying a distribution

- Explain Calibration:

  • Using absurd estimates
  • Decomposing the problem
  • Testing confidence using “the wheel”
  • Challenging assumptions
  • Removing personal biases and improving confidence in range accuracy

- Explain the Monte Carlo Simulation

Risk Analysis Methodology and Process The Candidate is able to …
- Explain the risk analysis methodology and process:
  • The five (5) risk analysis stages
  • Documenting assumptions
  • Documenting rationale
- Identify the components of the Loss Scenario:
  • Primary Stakeholder
  • Asset
  • Threat Agent/Community
  • Threat Event
  • Loss Event
- Explain the components of a Loss Scenario:
  • Primary Stakeholder
  • Asset
  • Threat Agent/Community:
    - Threat profiling
  • Threat Event:
    - Four (4) types of Threat Events
    - Probable versus possible Threat
    - Events
    - Threat vector
  • Loss Event:
    - Primary Loss
    - Secondary Loss
    - Unobserved “Loss Events”
- Explain limiting the scope of the Loss Scenario:
  • Multiple Threat Agents/Communities
  • Multiple observable losses
  • Multiple Asset types
- Explain Evaluating the Loss Event Frequency:
  • Choosing abstraction level:
    - Data quality and accuracy versus precision
    - Top-down approach
  • Estimating LEF:
    - Estimating LEF directly
    - Estimating LEF using TEF and Vuln
- Explain Estimating Threat Event Frequency:
  • Estimating Contact Frequency
  • Estimating Probability of Action
- Explain Estimating Vulnerability:
  • Using LEF and TEF
  • Using TCap and RS
  • TCap continuum
  • TCap for a Threat Community
  • Maximum, minimum, and most likely points on a TCap distribution
- Explain Evaluating the Loss Magnitude:
  • Estimating Primary Loss Magnitude
  • Estimate Secondary Loss:
    - Secondary Loss Event Frequency
    - Secondary Loss Magnitude
- Explain Deriving and Articulating Risk:
  • Selecting results to present
  • Presenting single number summary result
  • Characterizing and presenting distribution results
- Explain Modeling the Effect of Controls:
  • Four (4) categories of Controls
  • Effect of Loss Prevention Controls
  • Effect of Loss Mitigation Controls
  • Lack of “detective control” category
- Explain Avoidance Controls:
  • Risk factor affected
  • Example of Avoidance Control
- Explain Deterrent Controls:
  • Risk factor affected
  • Example of Deterrent Control
- Explain Vulnerability Controls:
  • Risk factor(s) affected
  • Example of Vulnerability Control
- Explain Responsive Controls:
  • Risk factor(s) affected
  • Example of Vulnerability Control
- Explain mapping Open FAIR Controls to other Security Assessment Frameworks:
  • Open FAIR and the NIST Cybersecurity Framework (NIST CSF)
- Explain putting it all together.
Risk Analysis Quality Considerations The Candidate is able to …
- Explain documenting assumptions and rationale:
  • Reasoning for documenting
  • Well-document assumptions
  • Well-documented rationale
  • Good sources of data versus poor sources of data
  • Good sources of data as being more objective
- Explain diminishing returns:
  • Diminishing returns to gathering more data
  • Diminishing returns to deeper investigation
  • Diminishing returns to estimating lower levels of the Open FAIR taxonomy
- Explain capacity for loss and tolerance for loss:
  • Difference between capacity for loss and tolerance for loss
  • Determining how an organization perceives and responds to risk
- Explain risk qualifiers:
  • Fragile qualifier
  • Unstable qualifier
  • Difference between a fragile qualifier and an unstable qualifier
  • Conveying subtle considerations using risk qualifiers
- Explain using ordinal scales for analysis:
  • Lack of tangible, economic meaning
  • Ranges spanning multiple ordinal values
  • Inability to be used in mathematical formulas
- Explain translating quantitative results into qualitative statements:
  • Communicating with decision-makers
  • Defining and using qualitative scales as approved by management
  • Challenges with qualitative scales
- Explain troubleshooting an analysis:
  • Three (3) techniques to troubleshoot an analysis or resolve disagreements:
    - Revisiting scoping to adjust assumptions
    - Leveraging Open FAIR taxonomy to adjust abstraction level
    - Performing additional analyses to compare results
Open FAIR Certification Program The Candidate is able to …
- Explain the Open FAIR Certification Program.
- Differentiate between the levels of certification.

Both Open Group and veterans who’ve earned multiple certifications maintain that the best preparation for a Open Group OGOF-101 professional certification exam is practical experience, hands-on training and practice exam. This is the most effective way to gain in-depth understanding of Open Group Open FAIR 2 Foundation concepts. When you understand techniques, it helps you retain Open Group Open FAIR 2 Foundation knowledge and recall that when needed.

No votes yet