There’s quite a bit of good information available on risk, risk management, and Information Risk Management. Some of it right here. Here are a number of resources we hope you find helpful.
Brief literature formatted for printing and viewing outside of a web browser:
- FAIR summary A quick three page summary on FAIR.
- FAIR on a page Learn about FAIR and the products we offer on one page
Sometimes we present, and it gets recorded for posterity’s sake. Here are some of the presentations we’ve given:
Risk Analysis Resources
Want to try out our FAIR framework? We make a simplified version of our Factor Analysis of Information Risk (FAIR) framework and a Basic Risk Assessment Guide available under a Creative Commons license:
- FAIR_Introduction (.pdf) A more detailed definition document on FAIR.
- The FAIR Basic Risk Assessment Guide (.pdf)
Our whitepapers on risk and the management of risk are topics we want to share and discuss, but tend to be a little too long for a weblog post:
- Improving Risk Decisions White Paper (.pdf)
- The Case for Risk-based Security(.pdf)
- Bald Tire.pdf
- To Be FAIR About It
We make new and topical content available on our weblog. Here, RMI talks about current events in Risk Management and posts snippets of our research and experiences in risk management.
These documents provide examples of the kind of reports that are possible using the FAIRLite tool and basic analyses.
The Open Group Security Forum
The Open Group forum on Security is a great place to go to meet others interested in the use of risk and the idea of Risk Management. The Open Group also has adopted FAIR as the basis for it risk management framework.
- The Open Group Security Forum
- FAIR – ISO/IEC 27005 Cookbook – This Technical Guide describes in detail how to apply the FAIR (Factor Analysis for Information Risk) methodology to any selected risk management framework. It uses ISO/IEC 27005 as the example risk assessment framework.
- Risk Taxonomy - This Risk Taxonomy Technical Standard provides a taxonomy describing the factors that drive risk – their definitions and relationships. It also provides an overview on how to use the taxonomy.