Author: Marco Angelini, Engineering Spa
RATING is a Risk Assessment Tool for INtegrated Governance, developed by Engineering. It is an essential tool for organisations of any size to prevent the consequences of modern cyber-attacks.
RATING will help a company’s CISO to trace a general IT security risk profile through the organization’s processes and services, supporting him in identifying possible threats (using MITRE ATT&CK) that could compromise the company’s assets and suggesting investments in solutions to mitigate the related risks. The process is composed of 3 phases:
- Cyber Vulnerability Assessment, where the company’s Cyber Posture is traced and where the chances of being attacked are highlighted.
- Impact Scenario Evaluation, where an analysis of the impacts is provided based on the value of the assets and the estimated losses on the organisation’s assets.
- Risk Modeling and Cost/Benefit Analysis, where the set of assets at risk is provided and the most appropriate mitigation actions are suggested.