One of the main goals of the Security Officers Management and Analysis Project (SOMAP.org) is to develop and maintain Open Source Information Security Risk Management documents, tools and utilities.
It is our strong belief that risk management processes and best practices need to be developed and published in an open and free way. Information Security is not a competitive issue, and only freely available and cooperatively developed risk management utilities and tools can potentially lead to better security management and to further development of the whole IT risk management field.
Our activities concentrate on four sub-projects:
The OGRCM3 project develops and documents a methodology on how to measure and manage risk.
The ORIMOR contains a database model which is used as the basis for our own risk management framework and tool.
The ORICO Framework and Tool are the (reference) implementation of our own maturity management methodology.
The Open Governance, Risk and Compliance Maturity Management Methodology contains an overview of the risk and compliance management process and a description of why and how to manage risk.
The Open Risk Model Repository is actually three things in one:
The Open Risk & Compliance Framework and Tool are two projects in one.