What's new with the SimpleRisk 20190930-001 release?
by Josh Sokol (Creator & CEO of SimpleRisk)

At SimpleRisk, we typically focus on four major releases a year that roughly align with the end of the calendar quarter.  This quarter was no different and, at the end of September, we released the latest version of SimpleRisk live.  This release featured a wide variety of new features and functionality that I will highlight for you below.

SimpleRisk Core

One of the biggest additions with the SimpleRisk 20190930-001 release is a feature that has been requested many times by current and prospective customers.  For many years, they have been asking us for the ability to save reports in SimpleRisk.  Now, the Dynamic Risk Report has a new option just above the risk table allowing you to save selections and select saved selections.  

Saved Report Selections in SimpleRisk

In addition, we added the ability to select a Public or Private selection Type value when saving your selection.  Public selections will be made available to all users of your SimpleRisk instance.  Only you will be able to see Private saved selections.

Another feature that we've had requested many times over the years is the ability to configure a risk appetite value.  To configure your Risk Appetite value, go to the Configure -> Settings menu and you will see a new slider bar at the bottom of the page that looks like this:

Risk Appetite Configuration Slider Bar

This value will start with all of your risks outside of your risk appetite, but you can drag it to whatever your organization's appetite value is and then click the "Update" button to save the configuration.  Once you do this, we've created a new Risk Appetite Report under the Reporting menu to help you see which risks are outside your risk appetite and which risks are within your risk appetite.  

Risk Appetite Report in SimpleRisk

Pretty cool, huh?  In addition to that new saved report and risk appetite functionality, here's a few other new features that you can expect with this release:

  • We added a new one-click update system so all upgrades going forward through the SimpleRisk UI will update the application, database, and Extras in one step.
  • We added the "Mitigation Accepted" column in the Dynamic Risk Report.
  • We converted the "Site/Location" risk dropdown into a multi-select allowing for the selection of multiple locations for a risk.
  • We alphabetized the list of assets in the asset management section.
  • We added a display for how much disk space the SimpleRisk instance is using on the health check page.
  • We migrated the external reference ID CVE lookups from vFeed to https://olbat.github.io/nvdcve.

SimpleRisk Extras

The SimpleRisk Extras are the paid for functionality that extend the features of the SimpleRisk Core.  This release included several new additions to our SimpleRisk Extra arsenal:

  • In the Risk Assessment Extra we introduced a "Risk Analysis" report that summarizes all risks across all questionnaires as well as an "Analysis" section in the questionnaires that provides a summary of all of the risks introduced based on the responses in a questionnaire.  We also introduced tagging so that you can define tags to apply to the risks created when a user answers a questionnaire.  We introduced a new "Control Audit" functionality that shows whether the controls mapped to a questionnaire passed or failed the responses.  Lastly, we introduced the concept of a sub-template that can be used to add multiple sub-questions when adding logic to a questionnaire.

Risk Analysis in the SimpleRisk Risk Assessment Extra

  • In the Import-Export Extra we added support for asset groups with both the Rapid7 Nexpose and Tenable.io integrations.  

As you can see, we've had a lot of positive changes with this release and are already hard at work on the next one.  If you ever want to see what's in store for future SimpleRisk releases, check out our SimpleRisk Feature Roadmap.