Risk Analysis

One of the foundational areas of The Open Group Security Forum is risk analysis—specifically, quantitative risk analysis and the Open FAIR™ Body of Knowledge. Over the years, the Security Forum has updated The Open Group Risk Analysis (O-RA) Standard and The Open Group Risk Taxonomy (O-RT) Standard and published numerous supporting documents to aid both new and experienced risk analysts. Among these publications are the Open FAIR™ Risk Analysis Process Guide, the Open FAIR™ Risk Analysis Tool, and “cookbooks” demonstrating how Open FAIR fits within other risk assessment frameworks.

Standard

• Open FAIR Body of Knowledge Version 1.0

• The Open Group Risk Analysis (O-RA) Standard, Version 1.0
• The Open Group Risk Taxonomy (O-RT) Standard, Version 2.0

• Open FAIR Body of Knowledge Version 2.0

• The Open Group Risk Analysis (O-RA) Standard, Version 2.0.1
• The Open Group Risk Taxonomy (O-RT) Standard, Version 3.0.1

Guides

• Open FAIR – ISO/IEC 27005 Cookbook
• The Open FAIR™ - NIST Cybersecurity Framework Cookbook
• Requirements for Risk Assessment Methodologies
• Open FAIR™ Risk Analysis Process Guide, Version 1.1
• Open FAIR™ Risk Analysis Example Guide
• Open FAIR™ Tool with SIPmath™ Distributions: Guide to the Theory of Operation
• An Approach to Assessing Vendors to Lower Potential Risk of Outsourced Network Services
• A Pocket Guide to the Open FAIR Body of Knowledge, Version 2.0

White Papers

• An Introduction to the Open FAIR Body of Knowledge, Version 1.1
• How to Put Open FAIR™ Risk Analysis into Action
• IT Risk Management Survey Summary †
• Open FAIR™ - STIX™ Integration
• Calculating Reserves for Cyber Risk: Integrating Cyber Risk with Financial Risk
• Calculating Reserves for Cyber Risk: Vetting Cyber Risk Models
• Calculating Reserves for Cyber Risk: Using Calibrated Estimates for VaR and CVaR Calculations with Open FAIR™ Risk Analysis
• Using Quantitative Analysis with System Threat Modeling: Adopting Open FAIR™ Analysis with Threat Modeling to Maximize Return on Security Investment

Tool

• The Open FAIR™ Risk Analysis Tool Beta
• Open FAIR™ Risk Analysis Tool

Webinars

• Applying Open FAIR to Analyze Risk in a Retail Environment
• Open FAIR Certification for Risk Analysts
• The Value of Certification for Risk Analysts
• Risk and IT Security: Developing and Communicating the Infosec Value Proposition to Senior Management
• Communicating Cybersecurity Risk to Business Leaders
• Quantifying Cybersecurity Risk in $$$
• IT Risk Management: Overview of The Open Group Risk Taxonomy Standard with Jack Jones
• Overview of the Information Risk Management Process
• Using Open FAIR™ with the TOGAF® Standard for Risk Analysis in EA

† denotes a document that has been retired, meaning that the contents are historical and are unlikely to inform future work.

Return to Security Forum