Welcome to Meharipedia.org. This site is focused on the risk management methods based on the Mehari risk model.
The objectives of Meharipedia are:
- To facilitate the exchange of experiences and ideas in the domain of information security and risk management;
- To share knowledge between the practitioners of the method;
- To provide synthetic views on the state of the art and related techniques;
- To contribute to the creation and diffusion of the Mehari tools.
MEHARI is an integrated and achieved methodology for the assessment and management of risks associated to information and its treatment.
MEHARI is developed and updated since 1996 by CLUSIF and CLUSIQ.
MEHARI is compliant to the guidelines set by ISO 27005:2011 standard, itself aligned on ISO 31000, and allows the seamless integration of risk into an ISO 27001:2013 ISMS process, thanks to management involvement and awareness of the users, actors and operation managers.
Following the risk assessment, MEHARI proposes additional management directions and security measures and plans, thus creating the basis for coherent information security policies
MEHARI est une marque déposée du CLUSIF