One of the foundational areas of The Open Group Security Forum is risk analysis—specifically, quantitative risk analysis and the Open FAIR™ Body of Knowledge. Over the years, the Security Forum has updated The Open Group Risk Analysis (O-RA) Standard and The Open Group Risk Taxonomy (O-RT) Standard and published numerous supporting documents to aid both new and experienced risk analysts. Among these publications are the Open FAIR™ Risk Analysis Process Guide, the Open FAIR™ Risk Analysis Tool, and “cookbooks” demonstrating how Open FAIR fits within other risk assessment frameworks.
Standard
- Open FAIR Body of Knowledge Version 1.0
  - The Open Group Risk Analysis (O-RA) Standard, Version 1.0
  - The Open Group Risk Taxonomy (O-RT) Standard, Version 2.0
- Open FAIR Body of Knowledge Version 2.0
  - The Open Group Risk Analysis (O-RA) Standard, Version 2.0.1
  - The Open Group Risk Taxonomy (O-RT) Standard, Version 3.0.1
Guides
- Open FAIR – ISO/IEC 27005 Cookbook
- The Open FAIR™ - NIST Cybersecurity Framework Cookbook
- Requirements for Risk Assessment Methodologies
- Open FAIR™ Risk Analysis Process Guide, Version 1.1
- Open FAIR™ Risk Analysis Example Guide
- Open FAIR™ Tool with SIPmath™ Distributions: Guide to the Theory of Operation
- An Approach to Assessing Vendors to Lower Potential Risk of Outsourced Network Services
- A Pocket Guide to the Open FAIR Body of Knowledge
White Papers
- An Introduction to the Open FAIR Body of Knowledge, Version 1.1
- How to Put Open FAIR™ Risk Analysis into Action
- IT Risk Management Survey Summary †
- Open FAIR™ - STIX™ Integration
- Calculating Reserves for Cyber Risk: Integrating Cyber Risk with Financial Risk
- Calculating Reserves for Cyber Risk: Vetting Cyber Risk Models
- Calculating Reserves for Cyber Risk: Using Calibrated Estimates for VaR and CVaR Calculations with Open FAIR™ Risk Analysis
- Using Quantitative Analysis with System Threat Modeling: Adopting Open FAIR™ Analysis with Threat Modeling to Maximize Return on Security Investment
Tool
Webinars
- Applying Open FAIR to Analyze Risk in a Retail Environment
- Open FAIR Certification for Risk Analysts
- The Value of Certification for Risk Analysts
- Risk and IT Security: Developing and Communicating the Infosec Value Proposition to Senior Management
- Communicating Cybersecurity Risk to Business Leaders
- Quantifying Cybersecurity Risk in $$$
- IT Risk Management: Overview of The Open Group Risk Taxonomy Standard with Jack Jones
- Overview of the Information Risk Management Process
- Using Open FAIR™ with the TOGAF® Standard for Risk Analysis in EA
† denotes a document that has been retired, meaning that the contents are historical and are unlikely to inform future work.