#risk #governance #riskcalc

riskcalc

A library for risk analysis and Monte Carlo simulation

1 unstable release

Uses new Rust 2024

new 0.1.0 May 8, 2025

#82 in Simulation

MIT license

120KB
3K SLoC

riskcalc

A modular and extensible Rust library for information security risk analysis, inspired by real-world CISO experience. It provides structures and traits for defining risk components and performing qualitative, quantitative, and FAIR-based analysis.

Features

  • Modular Core: Define fundamental risk components like Assets, Threats, Vulnerabilities, Controls, Impact, and Likelihood with clear separation of concerns.
  • Multiple Analysis Methods:
    • Qualitative Analysis: Assess risk using configurable likelihood/impact matrices defined via QualitativePolicy.
    • Quantitative Analysis: Calculate metrics like Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE).
    • FAIR Analysis: Implement the Factor Analysis of Information Risk (FAIR) methodology, including Monte Carlo simulations for loss event frequency and magnitude.
  • Policy-Based Configuration: Define QualitativePolicy to customize risk matrix logic and specify how control effectiveness levels reduce likelihood/impact.
  • CVSS Integration: Incorporate Common Vulnerability Scoring System (CVSS v3.1) scores into vulnerability analysis.
  • Control Effectiveness: Model control effectiveness using different strategies (e.g., percentage reduction, fixed levels).
  • Risk Grouping: Analyze risks individually or group them for aggregated assessment.
  • Extensibility: Utilize traits (RiskAnalyzer, ControlEffectivenessCalculator, RiskCalculator, CvssProvider) to implement custom logic and integrate alternative calculation methods.
  • Type Safety: Employs strong typing (e.g., enums for categories, rust_decimal for currency) to enhance correctness and prevent errors.
  • Robust Error Handling: Uses specific error types via thiserror for clear and manageable error reporting.

Installation

Add riskcalc to your Cargo.toml:

[dependencies]
riskcalc = { git = "https://github.com/vschwaberow/riskcalc.git" } # Or path = "path/to/riskcalc" for local dev
rust_decimal = "1.35" # Ensure compatible version
rust_decimal_macros = "1.35"

Usage & Examples

Runnable examples demonstrating the different analysis types are available in the examples/ directory.

You can run them using Cargo:

# Run the qualitative analysis example
cargo run --example qualitative_analysis

# Run the quantitative (ALE) analysis example
cargo run --example quantitative_analysis

# Run the FAIR analysis example
cargo run --example fair_analysis

(Note: The FAIR example uses Monte Carlo simulation and may take a few seconds to run depending on the number of iterations configured.)
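As an added illustration, not code from the riskcalc crate and not its API, the two computations the Features section describes: the classic SLE/ALE metrics and a FAIR-style Monte Carlo over loss event frequency and loss magnitude. It is self-contained (a tiny built-in PRNG instead of the `rand` crate, triangular three-point estimates as the input distributions); the `Estimate` and `Summary` types and the `seed` parameter are this example's own assumptions.

```rust
use std::cmp::Ordering;

/// Minimal xorshift64* PRNG so the example runs offline without the `rand` crate.
/// The seed must be non-zero (assumption of this example).
struct Rng(u64);

impl Rng {
    fn next_f64(&mut self) -> f64 {
        let mut x = self.0;
        x ^= x >> 12;
        x ^= x << 25;
        x ^= x >> 27;
        self.0 = x;
        (x.wrapping_mul(0x2545F4914F6CDD1D) >> 11) as f64 / (1u64 << 53) as f64
    }
    /// Sample a triangular distribution from (min, mode, max), a simple stand-in for
    /// FAIR's calibrated three-point estimates.
    fn triangular(&mut self, min: f64, mode: f64, max: f64) -> f64 {
        let u = self.next_f64();
        let f = (mode - min) / (max - min);
        if u < f { min + ((max - min) * (mode - min) * u).sqrt() }
        else { max - ((max - min) * (max - mode) * (1.0 - u)).sqrt() }
    }
}

/// Classic quantitative metrics: SLE = asset value * exposure factor, ALE = SLE * ARO.
pub fn sle(asset_value: f64, exposure_factor: f64) -> f64 { asset_value * exposure_factor }
pub fn ale(sle: f64, annual_rate_of_occurrence: f64) -> f64 { sle * annual_rate_of_occurrence }

/// Three-point estimate (minimum, most likely, maximum) as used for FAIR inputs.
pub struct Estimate { pub min: f64, pub mode: f64, pub max: f64 }

/// Summary of the simulated annual loss exposure.
pub struct Summary { pub mean: f64, pub p50: f64, pub p90: f64 }

/// FAIR-style Monte Carlo: each iteration draws a loss event frequency (events per year)
/// and a loss magnitude (per event) and multiplies them into one annualised loss.
/// Simplification: one magnitude draw per year rather than one per event. Assumes iterations > 0.
pub fn simulate(lef: &Estimate, lm: &Estimate, iterations: usize, seed: u64) -> Summary {
    let mut rng = Rng(seed);
    let mut losses: Vec<f64> = (0..iterations)
        .map(|_| rng.triangular(lef.min, lef.mode, lef.max) * rng.triangular(lm.min, lm.mode, lm.max))
        .collect();
    losses.sort_by(|a, b| a.partial_cmp(b).unwrap_or(Ordering::Equal));
    let pct = |p: f64| losses[((losses.len() - 1) as f64 * p) as usize];
    let mean = losses.iter().sum::<f64>() / losses.len() as f64;
    Summary { mean, p50: pct(0.5), p90: pct(0.9) }
}
```

The p90 value is the figure a risk owner usually cares about more than the mean, since it shows the loss exposure in a bad year rather than an average one.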

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Dependencies

~7MB
~133K SLoC