Since late in 2016, The Open Group Security Forum has been collaborating with San Jose State University and Probability Management to develop a Risk Analysis tool that adheres to The Open Group Open FAIRTM Standard.
With a view to creating a tool that helps accelerate the adoption of the Open FAIR standard, the tool provides both experienced and novice risk practitioners with a practical and pragmatic tool to help analyze perceived risk in a consistent and simple to use way, whatever industry they work in. It is now available for our members and others to download and evaluate.
Using both Open FAIR Risk Taxonomy (O-RT) and Risk Analysis (O-RA) standards to guide critical thinking and decomposition of risk questions, it has been designed to allow its user to compare “before and after risk states” of a proposed risk mitigation project, and its outputs can easily be exported to other formats such as Microsoft Word® or PowerPoint® for reporting.
The Open FAIR Risk Analysis tool estimates and compares the risk associated with two scenarios in a simple to use, intuitive, and visual way, using Microsoft Excel®. This has a number of practical benefits to a user:
The tool is designed for international use, with the user able to select local currency units and the order of magnitude (thousands, millions, billions, etc.) relevant to the analysis. Embedded graphs are controlled through intuitive settings, letting analysts and management inspect the relevant results to a lesser or greater level of granularity as required. The tool further informs management by comparing and presenting statistical results such as the average annual loss exposure and user-defined percentile thresholds of loss and chance of exceedance of annual loss.
The tool is genuinely versatile, making it equally suitable for the university professor or corporate trainer teaching quantitative risk analysis, as well as experienced corporate risk analysts who need an easy-to-use yet accurate risk evaluator for individual risk questions.
In addition, to further support both the tool and the Open FAIR standards, The Open Group has also recently published a Risk Analysis Process Guide which offers some best practices for performing Open FAIR risk analysis, aiming to help risk analysts understand how to apply the Open FAIR risk analysis methodology. It was written for analysts who may be already familiar with the Open FAIR Body of Knowledge. But have not yet completed an analysis using it, which means the analyst would probably be familiar with both the Risk Analysis (O-RA) and Risk Taxonomy (O-RT) standards.
The Open FAIR Risk Analysis tool can be downloaded for free from here.
The Risk Analysis Process Guide, can be found here.
More information regarding The Open FAIR Standard and The Open Group work on Security and Risk can be found here.
If you are interested in Open FAIR certification, then please click here.
Additionally, if you are interested in participating in the development of the The Open Group Open FAIR standard, you can find information about joining The Open Group here.