In my many years of working in the field of risk management, I've come across a wide variety of ways that different organizations and people use to prioritize risks. These are commonly referred to as "Risk Scoring Methodologies". In SimpleRisk, we currently support six different risk scoring methodologies:
Anyone who has studied for the CISSP exam knows that the "textbook" definition of risk scoring is Risk = Likelihood x Impact. Typically, the Likelihood and Impact values are represented by ordinal numbers, which are mapped to some qualified value. We then use a matrix to represent the intersection of these values in order to obtain a final risk score. Some organizations will use a 3x3 matrix. Some may use a 10x10. Here at SimpleRisk, we've seen just about every combination you could imagine in between, but the most common scenario is a matrix with five Likelihood values and five Impact
On November 23, 2020, SimpleRisk went live with our Q4 2020 release. This release primarily focused on fixing a number of bugs found in various places in the SimpleRisk Core and SimpleRisk Extras.
The 20201106-001 release of SimpleRisk was purely a bug fix release. We discovered a critical issue introduced in the 20201005-001 release which impacted all new file uploads of a non-text file. This included files like Word Documents, Excel Spreadsheets, and Adobe PDFs. While this release fixes the underlying issue which causes these bad file uploads, we have a follow-up release planned which will help to better identify them.
In 2014, the NIST Cybersecurity Framework (CSF) took the world by storm, aiming to help organizations improve their ability to prevent, detect and respond to cyber attacks. It has been translated into many languages and is used by the governments of the United States, Japan, and Israel, among many others. The Trends in Security Framework Adoption Survey, conducted in 2016, reported that 70% of the 300 surveyed organizations view NIST's framework as a security best practice, but that same survey also found that 50% of
When I released the original free and open source version of SimpleRisk back in March 2013, I can honestly say that I had no idea it would become what it is today. I was simply tasked with starting a risk management program for National Instruments and they couldn't prioritize purchasing a GRC solution, so I ended up putting some of my secure coding skills to use. In its initial iteration, SimpleRisk was nothing more than a page to submit a risk, a page to edit risks, and a page to view all of the risks submitted. Just a simple risk registry.
This past weekend, we released version 20180301-001 of SimpleRisk. Much of our effort on this release was spent on a major enhancement to the Risk Assessment Extra. This Extra turns SimpleRisk into a fully functional internal and vendor risk assessment tool. It provides you with the ability to create a database of questions, add them to a questionnaire, send that questionnaire to one or more contacts, collect the results, and push resulting risks into SimpleRisk. Future iterations of this Extra will also provide you with the ability to add logic to questionnaires and co
At SimpleRisk, we typically focus on four major releases a year that roughly align with the end of the calendar quarter. This quarter was no different and, at the end of June, we released the latest version of SimpleRisk live. This release featured a wide variety of new features and functionality that I will highlight for you below.
At SimpleRisk, we typically focus on four major releases a year that roughly align with the end of the calendar quarter. This quarter was no different and, at the end of September, we released the latest version of SimpleRisk live. This release featured a wide variety of new features and functionality that I will highlight for you below.