View on GitHub


Repository for the Open Information Security Risk Universe

Open Information Security Risk Universe

The Open Information Security Risk Universe (oisru) is a framework and taxonomy for describing information security risks independently of models or methods of analysing risks.

Information Security Risks are decomposed into Sources, Events and Consequences. Risk Factors for frequency and severity are included.

How to get the OISRU

A PDF of the current version of the oisru is available in the repository here.

Individual Sections of the OISRU


We are very happy to see OISRU in use and where we can we will link to or upload examples we are made aware of.


We have presented on the OISRU and it’s uses and will link to these here, as well as other sessions we are made aware of.

Contributing to the OISRU

The OISRU is an open source effort and we welcome contributions and feedback. To report an error or suggest an improvement, please create an issue or create a Pull Request.

Contributors will be added to an acknowledgements table based on their contributions logged by GitHub. The list of names is sorted by the number of lines added.