<Li> only EBIOS has an open source tool to support it . </Li> <P> The Factor Analysis of Information Risk (FAIR) main document, "An Introduction to Factor Analysis of Information Risk (FAIR)", Risk Management Insight LLC, November 2006; outline that most of the methods above lack of rigorous definition of risk and its factors . FAIR is not another methodology to deal with risk management, but it complements existing methodologies . </P> <P> FAIR has had a good acceptance, mainly by The Open Group and ISACA . </P> <P> ISACA developed a methodology, called Risk IT, to address various kind of IT related risks, chiefly security related risks . It is integrated with COBIT, a general framework to manage IT . Risk IT has a broader concept of IT risk than other methodologies, it encompasses not just only the negative impact of operations and service delivery which can bring destruction or reduction of the value of the organization, but also the benefit \ value enabling risk associated to missing opportunities to use technology to enable or enhance business or the IT project management for aspects like overspending or late delivery with adverse business impact . </P>

Which of the following sources for software best applies to information systems