riskcalc
| Crates.io | riskcalc |
| lib.rs | riskcalc |
| version | 0.1.0 |
| created_at | 2025-05-08 00:51:48.480085+00 |
| updated_at | 2025-05-08 00:51:48.480085+00 |
| description | A library for risk analysis and Monte Carlo simulation |
| homepage | https://schwaberow.de |
| repository | https://github.com/vschwaberow/riskcalc |
| max_upload_size | |
| id | 1664720 |
| size | 164,299 |
Volker Schwaberow (vschwaberow)
documentation
README
riskcalc
A modular and extensible Rust library for information security risk analysis, inspired by real-world CISO experience. It provides structures and traits for defining risk components and performing qualitative, quantitative, and FAIR-based analysis.
Features
- Modular Core: Define fundamental risk components like Assets, Threats, Vulnerabilities, Controls, Impact, and Likelihood with clear separation of concerns.
- Multiple Analysis Methods:
- Qualitative Analysis: Assess risk using configurable likelihood/impact matrices defined via
QualitativePolicy. - Quantitative Analysis: Calculate metrics like Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE).
- FAIR Analysis: Implement the Factor Analysis of Information Risk (FAIR) methodology, including Monte Carlo simulations for loss event frequency and magnitude.
- Qualitative Analysis: Assess risk using configurable likelihood/impact matrices defined via
- Policy-Based Configuration: Define
QualitativePolicyto customize risk matrix logic and specify how control effectiveness levels reduce likelihood/impact. - CVSS Integration: Incorporate Common Vulnerability Scoring System (CVSS v3.1) scores into vulnerability analysis.
- Control Effectiveness: Model control effectiveness using different strategies (e.g., percentage reduction, fixed levels).
- Risk Grouping: Analyze risks individually or group them for aggregated assessment.
- Extensibility: Utilize traits (
RiskAnalyzer,ControlEffectivenessCalculator,RiskCalculator,CvssProvider) to implement custom logic and integrate alternative calculation methods. - Type Safety: Employs strong typing (e.g., enums for categories,
rust_decimalfor currency) to enhance correctness and prevent errors. - Robust Error Handling: Uses specific error types via
thiserrorfor clear and manageable error reporting.
Installation
Add riskcalc to your Cargo.toml:
[dependencies]
riskcalc = { git = "https://github.com/vschwaberow/riskcalc.git" } # Or path = "path/to/riskcalc" for local dev
rust_decimal = "1.35" # Ensure compatible version
rust_decimal_macros = "1.35"
Usage & Examples
Runnable examples demonstrating the different analysis types are available in the examples/ directory.
You can run them using Cargo:
# Run the qualitative analysis example
cargo run --example qualitative_analysis
# Run the quantitative (ALE) analysis example
cargo run --example quantitative_analysis
# Run the FAIR analysis example
cargo run --example fair_analysis
(Note: The FAIR example uses Monte Carlo simulation and may take a few seconds to run depending on the number of iterations configured.)
Contributing
Contributions are welcome! Please open an issue or submit a pull request.
License
This project is licensed under the MIT License - see the LICENSE file for details.