Resources

There’s quite a bit of good information available on risk, risk management, and Information Risk Management. Some of it right here. Here are a number of resources we hope you find helpful.

General Information

Brief literature formatted for printing and viewing outside of a web browser:

Presentations

Sometimes we present, and it gets recorded for posterity’s sake. Here are some of the presentations we’ve given:

Risk Evolution (Slides) (with/Audio – webex.com)
Visibility Analysis (with/Audio – webex)

Risk Analysis Resources

Want to try out our FAIR framework? We make a simplified version of our Factor Analysis of Information Risk (FAIR) framework and a Basic Risk Assessment Guide available under a Creative Commons license:

White Papers

Our whitepapers on risk and the management of risk are topics we want to share and discuss, but tend to be a little too long for a weblog post:

RiskAnalys.is Weblog

We make new and topical content available on our weblog. Here, RMI talks about current events in Risk Management and posts snippets of our research and experiences in risk management.

http://www.riskanalys.is

Example Reports

These documents provide examples of the kind of reports that are possible using the FAIRLite tool and basic analyses.

The Open Group Security Forum

The Open Group forum on Security is a great place to go to meet others interested in the use of risk and the idea of Risk Management. The Open Group also has adopted FAIR as the basis for it risk management framework.

The Open Group Security Forum
FAIR – ISO/IEC 27005 Cookbook - This Technical Guide describes in detail how to apply the FAIR (Factor Analysis for Information Risk) methodology to any selected risk management framework. It uses ISO/IEC 27005 as the example risk assessment framework.
Risk Taxonomy - This Risk Taxonomy Technical Standard provides a taxonomy describing the factors that drive risk – their definitions and relationships. It also provides an overview on how to use the taxonomy.