Risk Assessment Workflow for Recommendation Roadmaps (RAWRR)
Organizational security interventions can be heavy in terms of data collection and analysis, scattered files review, and reporting. Few organizations and projects have a clear picture of their situation, objectives and risks. Much of that can be automated, which would allow the available time to be devoted to other core organizational security activities.
The “Risk Assessment Workflow for Recommendation Roadmaps” program, which from now on we will call “RAWRR”, seeks to offer an automated solution to these documentation and analysis needs during security interventions based on the adoption of a workflow, starting with threat modeling and developing everything around the threats and vulnerabilities facing the organization. RAWRR simplifies data collection, reporting, and developing a roadmap for audits and assessments.
RAWRR has been designed to be used by auditors around the world who use the SAFETAG methodology to carry out their security interventions, but it is flexible enough to be used in security interventions by people who do not follow that methodology.