Helping to document and monitor security interventions.
Organizational Security interventions can be heavy in terms of data gathering and analysis, reviewing scattered files and building reports. Few organizations and projects have a clear picture of their situation, goals and risks and how each changes over time with implementation of security measures. Much of that can be automatized, which would make that time be better spent on other core OrgSec activities.
As things currently stand, “data gathering, report generation and roadmap development for audits and assessments” are usually done manually and using a mixture of tools not specifically designed for that. A single tool where users can record findings in a structured way as soon as they come, and for that to ease the report generation and roadmap development, would be very useful in the field.
RAWRR (Risk Assessment Workflow for REcommendation Roadmaps) as a project will have three main areas of focus:
– A Software tool that will simplify data gathering, report generation, roadmap development for audits and assessments, help see the evolution of the organization’s or project’s risks and priorities and measure and evaluate the effect of different security measures.
– Usability testing ingrained throughout the development of the tool.
– Security evaluations for at-risk organizations, that will help both increase their security and test RAWRR.