OpenDEEM - Open Dynamic Efficiency Evaluation Methodology

  • Status: Transition into Fedora Security Lab with Fedora 21 or Fedora 22
  • Creator: Marcel Reifenberger
  • Licence: CC BY-ND 4.0

OpenDEEM is a method and metric for calculating the financial value or risk of a project, or of any activity that involves financial risk. It is driven mainly by eight properties and several sub-calculations.

The primary target is to quantify the efficiency of non-measurable elements and to convert them into a calculated outcome. The efficiency result is called the act impact (AI).

The secondary target is to identify the maximum justified investment limit.

OpenDEEM also points out unused potential, cumulative impacts, investment performance and buffers. It can also show whether an investment is covered.

The outcome calculated via OpenDEEM is defined as the average cost of former company investments multiplied by the average value of the 'AIs' which cause real costs (avc).

Static investment ranges for identical items are a precondition of this calculation. This extrapolation can be used to justify investments and will minimize the IT-driven business impact.

The act impact itself is a reduction parameter that quantifies a specific action used to reduce the IT-specific business impact. The investment buffer is an additional way to show whether the investments are also well planned from a cost-saving perspective. The AI can also be used as a benchmark to justify how useful an investment is in comparison to all former investments.

## OpenDEEM Properties

  • The action target factor categorizes the effort-impact allocation per deed.
  • The criticality rating identifies the criticality per deed.
  • The expansion range rates the expansion of the deed over the entire company.
  • The primary skill rating is used as a classification of different business units. This rating is dynamic and must be checked each time before using the matrix.
  • Another quantification count is the concept improvement ratio. This ratio rates how passable the deed is in relation to the existing environment.
  • The business requirement ratio specifies which business requirement level the deed will reach.
  • The trustworthiness factor identifies how reliable the deed is.
  • The refunding factor categorizes whether consequential costs or economies will follow from the specific deed.
  • Using a graph, OpenDEEM also shows the results from an overall perspective. If the green line is below the red one, the investment is covered and positive, and there is unused potential. If the green line is above the red one, the costs are higher than the maximum justified investment limit.

## Evaluate your vision

With OpenDEEM you can compare the cost of an investment to its real value for the company. Suppose an investment of USD 10,000 was worth only USD 5,500: OpenDEEM would show that before the money is spent.

## Areas of implementation

You may ask yourself: where is my added value? OpenDEEM is totally dynamic! The areas of implementation are limited only by your imagination. Here are some examples:

As a control instrument within the PDCA...

...or more detailed as a control factor in the space of your business continuity management processes (BSI 100-4).

Furthermore, as a deviation ratio of your investments...

...or just to rate which deed will be the most efficient one to improve your security level, e.g. according to OSSTMM RAV.

Take this chance!