RISK MANAGEMENT

This book brings together The Open Group's set of publications addressing risk management, which have been developed and approved by The Open Group. It is presented in three parts: The Technical Standard for Risk Taxonomy Technical Guide to the Requirements for Risk Assessment Methodologies Technical Guide: FAIR - ISO/IEC 27005 Cookbook Part 1: Technical Standard for Risk Taxonomy This Part provides a standard definition and taxonomy for information security risk, as well as information regarding how to use the taxonomy. The intended audience for this Part includes anyone who needs to understand and/or analyze a risk condition. This includes, but is not limited to: Information security and risk management professionals Auditors and regulators Technology professionals Management This taxonomy is not limited to application in the information security space. It can, in fact, be applied to any risk scenario. This means the taxonomy to be used as a foundation for normalizing the results of risk analyses across varied risk domains. Part 2: Technical Guide: Requirements for Risk Assessment Methodologies This Part identifies and describes the key characteristics that make up any effective risk assessment methodology, thus providing a common set of criteria for evaluating any given risk assessment methodology against a clearly defined common set of essential requirements. In this way, it explains what features to look for when evaluating the capabilities of any given methodology, and the value those features represent. Part 3: Technical Guide: FAIR - ISO/IEC 27005 Cookbook This Part describes in detail how to apply the FAIR (Factor Analysis for Information Risk) methodology to any selected risk management framework. It uses ISO/IEC 27005 as the example risk assessment framework.