Security Officers Management & Analysis Project

The Open Information Security Risk Assessment Guide

The Open Information Security Risk Assessment Guide (Guide) contains detailed information about security risk management. It discusses the management processes and explains formulas and how to use them. This Guide is an extension to the Open Information Security Risk Management Handbook (Handbook) and describes the details of the Risk Assessment Workflow as introduced in the Handbook.

The Security Officers Best Friend (SOBF) tool is the reference implementation of this Guide. The SOBF tool is written in Java and should run on most platforms.

In the current version, the Guide describes two risk analysis methodologies: the qualitative and the quantitative methods. Other methods exist, and neither this Guide nor the SOBF tool is restricted to the current two methodologies. The project is interested in learning more about other methodologies, which could be explained in a later version of the Guide and implemented with the SOBF tool.

The Guide, the Handbook and the SOBF tool are projects developed by the Security Officers Management and Analysis Project ( is a Swiss non-profit organisation with the main goal to run an open information security risk management project and to maintain free and open tools and documentation for security officers and other interested parties.

Feedback is work in progress and any contribution is welcome. If you are interested in helping out, then please contact the project via email at

A note about the HTML version

The HTML version is automatically transformed from the last version of the document authored in the OpenDocument Format and therefore may contain weird formatting.