riskcalc

Crates.io: riskcalc
lib.rs: riskcalc
version:
source: src
created_at: 2025-05-08 00:51:48.480085+00
updated_at: 2025-05-08 00:51:48.480085+00
description: A library for risk analysis and Monte Carlo simulation
homepage: https://schwaberow.de
repository: https://github.com/vschwaberow/riskcalc
max_upload_size:
id: 1664720
Cargo.toml error: TOML parse error at line 17, column 1 (`autolib = false`): unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include`
size: 0
Volker Schwaberow (vschwaberow)

README

riskcalc

A modular and extensible Rust library for information security risk analysis, inspired by real-world CISO experience. It provides structures and traits for defining risk components and performing qualitative, quantitative, and FAIR-based analysis.

Features

  • Modular Core: Define fundamental risk components like Assets, Threats, Vulnerabilities, Controls, Impact, and Likelihood with clear separation of concerns.
  • Multiple Analysis Methods:
    • Qualitative Analysis: Assess risk using configurable likelihood/impact matrices defined via QualitativePolicy.
    • Quantitative Analysis: Calculate metrics like Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE).
    • FAIR Analysis: Implement the Factor Analysis of Information Risk (FAIR) methodology, including Monte Carlo simulations for loss event frequency and magnitude.
  • Policy-Based Configuration: Define QualitativePolicy to customize risk matrix logic and specify how control effectiveness levels reduce likelihood/impact.
  • CVSS Integration: Incorporate Common Vulnerability Scoring System (CVSS v3.1) scores into vulnerability analysis.
  • Control Effectiveness: Model control effectiveness using different strategies (e.g., percentage reduction, fixed levels).
  • Risk Grouping: Analyze risks individually or group them for aggregated assessment.
  • Extensibility: Utilize traits (RiskAnalyzer, ControlEffectivenessCalculator, RiskCalculator, CvssProvider) to implement custom logic and integrate alternative calculation methods.
  • Type Safety: Employs strong typing (e.g., enums for categories, rust_decimal for currency) to enhance correctness and prevent errors.
  • Robust Error Handling: Uses specific error types via thiserror for clear and manageable error reporting.

Installation

Add riskcalc to your Cargo.toml:

[dependencies]
riskcalc = { git = "https://github.com/vschwaberow/riskcalc.git" } # Or path = "path/to/riskcalc" for local dev
rust_decimal = "1.35" # Ensure compatible version
rust_decimal_macros = "1.35"

Usage & Examples

Runnable examples demonstrating the different analysis types are available in the examples/ directory.

You can run them using Cargo:

# Run the qualitative analysis example
cargo run --example qualitative_analysis

# Run the quantitative (ALE) analysis example
cargo run --example quantitative_analysis

# Run the FAIR analysis example
cargo run --example fair_analysis

(Note: The FAIR example uses Monte Carlo simulation and may take a few seconds to run depending on the number of iterations configured.)
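
The arithmetic behind the quantitative (SLE/ALE) and FAIR Monte Carlo features listed above, as an added stand-alone example that is not taken from the riskcalc repository and does not use its API, which this page does not show. The function names, the triangular distributions, the fixed-seed generator and all input figures are assumptions chosen for illustration.

```rust
// Added example: std-only; does not use riskcalc's API. All inputs are constructed.

/// SplitMix64, a small deterministic PRNG so runs are reproducible (not for crypto).
struct Rng(u64);
impl Rng {
    fn next_u64(&mut self) -> u64 {
        self.0 = self.0.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.0;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }
    /// Uniform in [0, 1).
    fn unit(&mut self) -> f64 {
        (self.next_u64() >> 11) as f64 / (1u64 << 53) as f64
    }
    /// Triangular(min, mode, max) sample via the inverse CDF.
    fn triangular(&mut self, (min, mode, max): (f64, f64, f64)) -> f64 {
        if max <= min { return min; }
        let (u, span) = (self.unit(), max - min);
        if u < (mode - min) / span { min + (u * span * (mode - min)).sqrt() }
        else { max - ((1.0 - u) * span * (max - mode)).sqrt() }
    }
}

/// SLE = asset value x exposure factor; ALE = SLE x annual rate of occurrence.
fn ale(asset_value: f64, exposure_factor: f64, aro: f64) -> f64 {
    asset_value * exposure_factor * aro
}

/// FAIR-style run: each iteration draws a loss event frequency (events per year),
/// then one loss magnitude per event. Returns (mean, 95th percentile) annual loss.
fn simulate(lef: (f64, f64, f64), lm: (f64, f64, f64), iters: usize, seed: u64) -> (f64, f64) {
    assert!(iters > 0, "need at least one iteration");
    let mut rng = Rng(seed);
    let mut losses: Vec<f64> = (0..iters).map(|_| {
        let events = rng.triangular(lef).round() as u32;
        (0..events).map(|_| rng.triangular(lm)).sum::<f64>()
    }).collect();
    losses.sort_by(|a, b| a.total_cmp(b));
    let mean = losses.iter().sum::<f64>() / iters as f64;
    (mean, losses[(iters * 95 / 100).min(iters - 1)])
}

fn main() {
    println!("ALE: {:.0}", ale(200_000.0, 0.25, 0.5));
    let (mean, p95) = simulate((0.0, 2.0, 6.0), (5_000.0, 20_000.0, 120_000.0), 20_000, 42);
    println!("simulated annual loss: mean {mean:.0}, p95 {p95:.0}");
}
```

The point estimate (ALE) and the simulated distribution answer different questions: the 95th percentile shows tail exposure that a single expected-value figure hides.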

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

License

This project is licensed under the MIT License - see the LICENSE file for details.
