
One of the main goals of the Security Officers Management and Analysis Project (SOMAP.org) is to develop and maintain Open Source Information Security Risk Management tools and utilities. It is our strong belief that risk management processes and best practices need to be offered openly.
Information Security is not a competitive issue, and only freely available and cooperatively developed risk management utilities and tools can potentially lead to better security management and to further development of the whole risk management field.
The Handbook contains an overview of the risk management process and an introduction to managing risk. It discusses the topic at a high level and is meant as the basis of SOMAP.org's projects.
The Guide has all the information needed to do a risk assessment. It explains the different steps of a risk assessment workflow and describes the documents and reports that are created in each step.
The Open Risk Model Repository (ORIMOR) is a central database. It contains best-practice data and information concerning the handling and management of Assets, Threats, Vulnerabilities and Countermeasures. Together with the Guide, the ORIMOR forms the basis for our Risk Management Tool, the Security Officers Best Friend (SOBF) Tool.
The Reporting sub-project describes the different reports from the Guide in detail and creates templates to be used from within the SOBF Tool.
The SOBF Tool is a Risk Management Tool. It is the reference implementation of the Guide and follows the Risk Assessment Workflow as described in the Guide.
The data of the Open Risk Model Repository is used as template information for the assessment. The SOBF Tool can therefore be used to manage the security risks of an environment, to maintain assets and to control countermeasures with checklists.
Graphical reports can be exported from the SOBF Tool for use in presentations and regularly compiled statements.