Skip to main content

Author: – Marco Angelini, Engineering Spa– 

RATING is a Risk Assessment Tool for INtegrated Governance, developed by Engineering. It is an essential tool for organisations of any size to prevent the consequences of modern cyber-attacks.

RATING will help a company’s CISO, through the organization’s processes and services, to trace a general IT security risk profile, supporting him in identifying possible threats (using MITRE ATT&CK) that could compromise the company’s assets and suggesting solutions investment to mitigate the related risks. The process is composed by 3 phases:

  1. Cyber Vulnerability Assessment, where the company’s Cyber Posture is traced and where the chances of being attacked are highlighted.
  2. Impact Scenario Evaluation, where an analysis of the impacts is provided based on the value of the assets and the estimated losses on the organisation’s assets.

Risk Modeling and Cost/Benefit Analysis where the set of assets at risk is provided and the most appropriate mitigation actions are suggested.