moodLearning Wiki

Differences

This shows you the differences between two versions of the page.

simplerisk [2017/10/14 01:50]
serbizadmin
simplerisk [2020/06/13 15:10] (current)
Line 1: Line 1:
-**SimpleRisk** is an open-source risk management system released under [[Mozilla Public License]] and used for [[risk management]] activities.[(BlackHat USA 2014, https://www.blackhat.com/us-14/arsenal.html#Sokol)] It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic reviews.  '''SimpleRisk''' allows risk managers to prioritize enterprise responses according to the severity of threats and vulnerabilities that could impact the business.[(toolsmith: SimpleRisk - Enterprise Risk Management Simplified, http://holisticinfosec.blogspot.com/2014/02/toolsmith-simplerisk-enterprise-risk.html)]+**SimpleRisk** is an open-source risk management system released under [[Mozilla Public License]] and used for [[risk management]] activities.[("BlackHat USA 2014,https://www.blackhat.com/us-14/arsenal.html#Sokol)] It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic reviews.  **SimpleRisk** allows risk managers to prioritize enterprise responses according to the severity of threats and vulnerabilities that could impact the business.[("toolsmith: SimpleRisk - Enterprise Risk Management Simplified,http://holisticinfosec.blogspot.com/2014/02/toolsmith-simplerisk-enterprise-risk.html)]\\
 \\ \\
-**SimpleRisk** sports a dashboard for submitting a new risk for consideration by your team, for creating risk reports and graphs of risk levels and locations.<ref>{{Cite web|url = http://www.sectechno.com/simplerisk-enterprise-risk-management-platform/ |title = Simplerisk Enterprise Risk Management Platform |accessdate = 16 March 2016|publisher = HolisticInfoSec}}</ref> Highly configurable, SimpleRisk report generation is dynamic; risk formulas could be tweaked on the fly.<ref>{{Cite web|url = http://www.sans.org/reading-room/whitepapers/riskmanagement/risky-business-35287 |title = SimpleRisk: Enterprise Risk Management Simplified |accessdate = 17 March 2016|publisher = SANS}}</ref>+**SimpleRisk** sports a dashboard for submitting a new risk for consideration by your team, for creating risk reports and graphs of risk levels and locations.[("Simplerisk Enterprise Risk Management Platform," http://www.sectechno.com/simplerisk-enterprise-risk-management-platform/ )] Highly configurable, SimpleRisk report generation is dynamic; risk formulas could be tweaked on the fly.[("SimpleRisk: Enterprise Risk Management Simplified," http://www.sans.org/reading-room/whitepapers/riskmanagement/risky-business-35287)]
  
 == Overview== == Overview==
-'''SimpleRisk''' was borne out of the need to have an inexpensive system to deal with enterprise risks, including application and physical threats and vulnerabilities, malwares. To manage risks, the choice of tools for risk managers has almost always been between expensive GRC ([[governance, risk management, and compliance]]) software and cumbersome, time consuming spreadsheets.<ref>{{Cite web|url = https://www.simplerisk.it/history |title = History |accessdate = 15 March 2016|publisher = SimpleRisk}}</ref> Using a LAMP (Linux, Apache, MySQL, PHP) stack, Josh Sokol developed '''SimpleRisk''' based on some simplifications of the [[IT risk management#NIST SP 800 30 framework|NIST 800-30 risk management framework]].<ref>{{Cite web|url = http://www.webadminblog.com/index.php/2013/09/15/enterprise-risk-management-for-the-masses/|title = Enterprise Risk Management for the Masses |accessdate = 16 March 2016|publisher = SecTechno}}</ref>+**SimpleRisk** was borne out of the need to have an inexpensive system to deal with enterprise risks, including application and physical threats and vulnerabilities, malwares. To manage risks, the choice of tools for risk managers has almost always been between expensive GRC ([[governance, risk management, and compliance]]) software and cumbersome, time consuming spreadsheets.[(History, https://www.simplerisk.it/history)] Using a LAMP (Linux, Apache, MySQL, PHP) stack, Josh Sokol developed **SimpleRisk** based on some simplifications of the [[IT risk management#NIST SP 800 30 framework|NIST 800-30 risk management framework]].[("Enterprise Risk Management for the Masses," http://www.webadminblog.com/index.php/2013/09/15/enterprise-risk-management-for-the-masses/ )]
  
-Hackers Mail lists '''SimpleRisk''' as one of "the best open source risk assessment tools."<ref>{{Cite web|url = http://hackersmail.com/index.php/2015/09/18/list-of-best-open-source-risk-assessment-analysis-tool/ |title = List of Best / Open Source Risk Assessment / Analysis Tool|accessdate = 15 March 2016|publisher = Hackers Mail}}{{dead link|date=August 2017}}</ref>+Hackers Mail lists **SimpleRisk** as one of "the best open source risk assessment tools."[("List of Best / Open Source Risk Assessment / Analysis Tool," http://hackersmail.com/index.php/2015/09/18/list-of-best-open-source-risk-assessment-analysis-tool/ )]
  
 ==Reviews== ==Reviews==
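Review bot: In the new text of the first paragraph, the two converted footnotes open a double quote that is never closed and run the title straight into the URL: `[("BlackHat USA 2014,https://www.blackhat.com/...` and `[("toolsmith: SimpleRisk - Enterprise Risk Management Simplified,http://holisticinfosec.blogspot.com/...`. The other converted references in this hunk use the form `[("Title," URL )]`, so close the quote after the comma and put a space before the URL; the `[(History, https://www.simplerisk.it/history)]` footnote should be quoted the same way for consistency. The conversion also drops the `{{dead link|date=August 2017}}` marker from the Hackers Mail reference, so the new footnote cites that URL with no indication that it was flagged as dead; either keep a note to that effect in the footnote or replace the link with an archived copy. Finally, the `\\` appended to the end of the first paragraph sits directly before the existing `\\ \\` line, which leaves three forced line breaks in a row.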
Line 15: Line 15:
 ==External links== ==External links==
 * [[http://simplerisk.it/ |Official website]] * [[http://simplerisk.it/ |Official website]]
 +\\
 +\\
 +==See Also==
 +* [[mL Risk Management System]]
 +\\
 +\\
  
 ~~REFNOTES~~ ~~REFNOTES~~
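Review bot: The added See Also section is padded with two `\\` lines before the heading and two more after the list item purely for vertical spacing; a blank line before the heading and after the list would separate the sections without forced line breaks. The section also lands after External links and directly above `~~REFNOTES~~`, so consider moving it ahead of External links to keep the internal cross-reference (`[[mL Risk Management System]]`) with the article body and the outbound links and footnotes together at the end.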