Risk Assessment Score By Impact and Threat Analysis (RASBITA) is an application to help the government and enterprise agencies obtain the risk score for all IT security incidents. In turn the department can use this to tally up the financial loss that comes with the incidents. RASBITA will help the user with resource allocation and budgeting for IT security. It is easily customized to suit your ecosystem. We have added a dashboard.
four (4) Logical Modules
a. Risk Score
This score determines the priority given to security incident.
b. Impact and threats
These will refer to the impact the threat has on the organization’s assets. The threat itself is that agent which puts the asset in harm’s way.
c. Annualized Loss expectancy (ALE): SLE*ARO
This is the frequency of loss by an organization each year. Where the risk targets a specific vulnerability. This helps to determine ALE, ACS and NRRB.
d. Cost-Benefit Analysis
This will help organizations to make better decision in allocating resources against the threat after a compromise. This also can be done before any incident to device’ Actual Cost of safeguards (ACS). The will help the cost associated with BCP/DRP.
All these four sections feed data into incident response, mitigation and remediation processes. There is a Rasbita TM dashboard as well.
Factors on Rasbita TM Dashboard:
1. The most frequent user to pull report
2. Most current report date and time
3. Number of Users
4. Most frequent threat
5. The least frequent threat
6. The cost of threat at minimum
7. The cost of threat at maximum
8. Highest and lowest ALE
9. Minimum and maximum Cost of safeguards (ACS)
10. Most frequent priority
11. NRRB- Net Risk Reduction Benefit
****Incident Response Team, SOC Team, CISO, CIO-- Security will need this tool.
http://www.lokdon.com/samples/Rasbita_Whitepaper_Fn.pdf