The Open Information Security Risk Universe (oisru) is a framework and taxonomy for describing information security risks independently of models or methods of analysing risks.
Information Security Risks are decomposed into Sources, Events and Consequences. Risk Factors for frequency and severity are included.
A PDF of the current version of the oisru is available in the repository here.
- Introduction
- How to use
- Sources of Risk
- Frequency Risk Factors
- Risk Events
- Severity Risk Factors
- Risk Consequences
We are very happy to see OISRU in use and where we can we will link to or upload examples we are made aware of.
We have presented on the OISRU and it's uses and will link to these here, as well as other sessions we are made aware of.
- Open Security Summit 2020 - OISRU by Robin Oldham, Phil Huggins & Petra Vukmirovic
- Open Security Summit 2020 - Break Out Sessions by Robin Oldham, Phil Huggins & Petra Vukmirovic
The OISRU is an open source effort and we welcome contributions and feedback. To report an error or suggest an improvement, please create an issue or create a Pull Request.
Contributors will be added to an acknowledgements table based on their contributions logged by GitHub. The list of names is sorted by the number of lines added.