Security Officers Management & Analysis Project

The Open Information Security Risk Management Handbook

The Open Information Security Risk Management Handbook (Handbook) is a handbook which contains descriptions and explanations on how to plan, implement and manage an information security risk strategy and ISMS (Information Security Management System) activities.

The Open Information Security Risk Analysis Guide (Guide) is an integral part of this Handbook. The Guide describes the risk assessment and management process in detail. It discusses the different steps of the risk analysis process and contains the formulas to calculate risk and how to use them.

The Guide and the Handbook are both projects developed by the Security Officers Management and Analysis Project ( is a swiss non-profit organisation with the main goal to run an open information security risk management project and to maintain free and open tools and documentations for security officers and other interested parties.

This Handbook contains an introduction to risk management. You can learn about what risk is and what risk management is, why the management of risk is important and what can be done to have a risk management system in place. The Handbook discusses why to follow standards is important and how this document can help in doing so.

The Handbook contains high level informations and is intended for the upper management as for the security officer to get an overview of the topic.

If you are interested to make your hands dirty or if you want to introduce (or maintain) a risk management process in a company or an organisation, then the Open Information Security Risk Assessment Guide can help you to get all the informations needed for that.


If you are having comments or suggestions in how to make this Handbook better or what should be added or changed, then please drop us a note and tell us about your ideas. You can reach the project via email at

A note about the HTML version

The HTML version is automatically transformed from the last version of the document authored in the OpenDocument Format and therefor may contain weird formatting.