Risk Analysis

One of the foundational areas of The Open Group Security Forum is risk analysis—specifically, quantitative risk analysis and the Open FAIR™ Body of Knowledge. Over the years, the Security Forum has updated The Open Group Risk Analysis (O-RA) Standard and The Open Group Risk Taxonomy (O-RT) Standard and published numerous supporting documents to aid both new and experienced risk analysts. Among these publications are the Open FAIR™ Risk Analysis Process Guide, the Open FAIR™ Risk Analysis Tool, and “cookbooks” demonstrating how Open FAIR fits within other risk assessment frameworks.

 

Standard

• The Open Group Risk Analysis (O-RA) Standard, Version 1.0
• The Open Group Risk Taxonomy (O-RT) Standard, Version 2.0

Note: Until all Open FAIR™ Certification Program materials have been updated, the Open FAIR Certification Exam will remain based on this previous version of the Open FAIR Body of Knowledge.

 

• The Open Group Risk Analysis (O-RA) Standard, Version 2.0.1
• The Open Group Risk Taxonomy (O-RT) Standard, Version 3.0.1

Guides

• Open FAIR – ISO/IEC 27005 Cookbook
• The Open FAIR™ - NIST Cybersecurity Framework Cookbook
• Requirements for Risk Assessment Methodologies
• Open FAIR™ Risk Analysis Process Guide, Version 1.1
• Open FAIR™ Risk Analysis Example Guide
• Open FAIR™ Tool with SIPmath™ Distributions: Guide to the Theory of Operation
• An Approach to Assessing Vendors to Lower Potential Risk of Outsourced Network Services
• A Pocket Guide to the Open FAIR Body of Knowledge
• Mathematics of the Open FAIR™ Methodology

White Papers

• An Introduction to the Open FAIR Body of Knowledge, Version 1.1
• How to Put Open FAIR™ Risk Analysis into Action
• IT Risk Management Survey Summary
• Open FAIR™ - STIX™ Integration
• Calculating Reserves for Cyber Risk: Integrating Cyber Risk with Financial Risk
• Calculating Reserves for Cyber Risk: Vetting Cyber Risk Models

Tool

• The Open FAIR™ Risk Analysis Tool Beta
• Open FAIR™ Risk Analysis Tool

Webinars

• Applying Open FAIR to Analyze Risk in a Retail Environment
• Open FAIR Certification for Risk Analysts
• The Value of Certification for Risk Analysts
• Risk and IT Security: Developing and Communicating the Infosec Value Proposition to Senior Management
• Communicating Cybersecurity Risk to Business Leaders
• Quantifying Cybersecurity Risk in $$$
• IT Risk Management: Overview of The Open Group Risk Taxonomy Standard with Jack Jones
• Overview of the Information Risk Management Process
• Using Open FAIR™ with the TOGAF® Standard for Risk Analysis in EA