MEHARI (MEthod for Harmonized Analysis of RIsk) is a free, open-source information risk analysis assessment and risk management method, for the use of information security professionals.
MEHARI enables business managers, information security/risk management professionals and other stakeholders to evaluate and manage the organization's risks relating to information, information systems and information processes (not just IT). It is designed to align with and support information security risk management according to ISO/IEC 27005, particularly in the context of an ISO/IEC 27001-compliant Information Security Management System (ISMS) or a similar overarching security management or governance framework.