DOCUMENTATION

Read the manual. Properly.

Everything from first principles to the API. Updated with every release, never behind a form.

Quickstart

Spin up your first workspace in five minutes. Create an account, define a single business capability, attach two applications, and model a simple outage.

Riskbit works best when you seed it with real structure — but you can start with rough shapes and refine over weeks. Do not wait to have "perfect" asset data; the tool pays off immediately even with a partial inventory.

riskbit init --workspace="acme-group"
riskbit import --csv capabilities.csv
riskbit scenario run --name="ransomware-hq"

Asset taxonomy

The Riskbit data model has six layers, all user-configurable:

Locations (physical) → Infrastructure (hardware and cloud) → Applications → Foundational services (auth, network, storage) → Business capabilities → Financial streams.

Each layer can depend on any layer at or below it. Suppliers and staff attach as cross-cutting resources. Every node carries RTO, RPO, cost, and appetite fields.

Scenarios

A scenario is a triggered failure condition applied to one or more taxonomy nodes. Riskbit propagates the failure through dependencies, computes downtime and partial availability over time, and translates the result into £ using your financial context.

Every scenario supports branching: if failover fires, if the supplier restores early, if reputational drag lingers. Each branch gets its own confidence interval.

Principles

Riskbit follows three rules. Transparency: every £ figure is decomposed into inputs the customer can see and change. Ranges, not points: we never output a single number without a confidence interval. Auditability: every input change is logged; every run is reproducible.

FAIR mapping

We implement the Factor Analysis of Information Risk taxonomy — Threat Event Frequency, Vulnerability, Loss Magnitude — and layer continuity-specific factors (RTO, RPO, supplier substitutability, staff availability) on top. Appendix B of the full methodology paper shows the mapping term-for-term.

ISO 22301 alignment

Riskbit's BIA module implements clauses 8.2 (Business impact analysis and risk assessment), 8.3 (Business continuity strategies and solutions), and 9.1 (Monitoring, measurement, analysis, and evaluation). Our continuity reports double as ISO 22301 evidence packs.

Integrations overview

Riskbit pulls data from three directions: technical (CMDB, vuln mgmt, EDR, cloud inventory), financial (GL, forecasting, billing), and operational (HR, ticketing, incident mgmt). All integrations are read-only unless you explicitly grant write access.

ServiceNow

Two connection modes: read-only CMDB sync (hourly), or write-back for incident correlation. OAuth 2.0 or scripted REST. See the ServiceNow store listing for the certified app.

Qualys

Pull asset groups and CVSS context into Riskbit. Vuln density becomes a Threat Event Frequency input on applicable scenarios. API token required.

Finance platforms

NetSuite, Oracle GL, Workday, Xero. Riskbit ingests revenue-stream mapping and recurring-cost data. No write-back. Daily sync.

API · Auth

Bearer tokens, scoped per-workspace. Rotate from Workspace Settings → API keys. All requests over HTTPS. Rate limit: 600 req/min.

curl https://api.riskbit.io/v1/scenarios \
  -H "Authorization: Bearer $RISKBIT_TOKEN"

API · Scenarios

POST /v1/scenarios/run
{
  "template": "ransomware-datacentre",
  "targets": ["loc_hq", "app_orders"],
  "duration_hours": 72
}

Returns a run ID. Poll /v1/runs/<id> for results, or configure a webhook.

API · Webhooks

Configure in Workspace Settings → Webhooks. Events: scenario.completed, appetite.breached, integration.error. Signed with HMAC-SHA256.
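
A receiver-side check for the HMAC-SHA256 signature mentioned above, as an added example that is not Riskbit's own code. The page does not say how the signature is encoded or what it covers, so this assumes a hex digest computed over the raw request body and a JSON payload with an "event" field; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import json

# Event names listed on this page.
KNOWN_EVENTS = {"scenario.completed", "appetite.breached", "integration.error"}


class WebhookRejected(Exception):
    """Raised when a delivery must not be processed."""


def sign(raw_body: bytes, secret: bytes) -> str:
    """Sender-side counterpart, used here to build constructed deliveries."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, signature_hex: str, secret: bytes) -> dict:
    """Authenticate a delivery, then parse it.

    Assumptions (not from the page): the signature is the hex HMAC-SHA256 of
    the raw request body, and the JSON payload names its event in "event".
    """
    if not signature_hex:
        raise WebhookRejected("missing signature")
    try:
        received = bytes.fromhex(signature_hex.strip())
    except ValueError:
        raise WebhookRejected("signature is not hex") from None
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(expected, received):
        raise WebhookRejected("signature mismatch")
    # Parse only after the MAC checks out, from the exact bytes that were verified.
    try:
        payload = json.loads(raw_body)
    except ValueError:
        raise WebhookRejected("body is not JSON") from None
    if not isinstance(payload, dict) or payload.get("event") not in KNOWN_EVENTS:
        raise WebhookRejected("unknown event")
    return payload


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    body = b'{"event": "appetite.breached", "run_id": "run_demo"}'  # constructed
    print(verify_webhook(body, sign(body, secret), secret)["event"])
```

Verify against the bytes as received, before any framework re-serialises the JSON, since a re-encoded body will not match the digest.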