SimpleRisk
Stable release |
20170614-001
/ June 14, 2017[1] |
---|---|
Written in | PHP |
Type | Risk management system |
License | Mozilla Public License 2.0 |
Website | simplerisk.com |
SimpleRisk is an open-source risk management system released under Mozilla Public License and used for risk management activities.[2] It enables risk managers to account for risks, plan mitigation measures, facilitate management reviews, prioritize for project planning, and track periodic reviews. SimpleRisk allows risk managers to prioritize enterprise responses according to the severity of threats and vulnerabilities that could impact the business.[3]
SimpleRisk sports a dashboard for submitting a new risk for consideration by your team, for creating risk reports and graphs of risk levels and locations.[4] Highly configurable, SimpleRisk report generation is dynamic; risk formulas could be tweaked on the fly.[5]
Overview
SimpleRisk was borne out of the need to have an inexpensive system to deal with enterprise risks, including application and physical threats and vulnerabilities, malwares. To manage risks, the choice of tools for risk managers has almost always been between expensive GRC (governance, risk management, and compliance) software and cumbersome, time consuming spreadsheets.[6] Using a LAMP (Linux, Apache, MySQL, PHP) stack, Josh Sokol developed SimpleRisk based on some simplifications of the NIST 800-30 risk management framework.[7]
Hackers Mail lists SimpleRisk as one of "the best open source risk assessment tools."[8]
Reviews
- Robert Sorensen, "SimpleRisk: Enterprise Risk Management Simplified," The SANS Institute, 2014.
References
- ↑ "Downloads". SimpleRisk. Retrieved 14 June 2017.
- ↑ "BlackHat USA 2014". Black Hat. Retrieved 15 March 2016.
- ↑ "toolsmith: SimpleRisk - Enterprise Risk Management Simplified". HolisticInfoSec. Retrieved 15 March 2016.
- ↑ "Simplerisk Enterprise Risk Management Platform". HolisticInfoSec. Retrieved 16 March 2016.
- ↑ "SimpleRisk: Enterprise Risk Management Simplified". SANS. Retrieved 17 March 2016.
- ↑ "History". SimpleRisk. Retrieved 15 March 2016.
- ↑ "Enterprise Risk Management for the Masses". SecTechno. Retrieved 16 March 2016.
- ↑ "List of Best / Open Source Risk Assessment / Analysis Tool". Hackers Mail. Retrieved 15 March 2016.