Impact Calculator Service v1.23

The engine that sees risk
in the dependency network

Impact Calculator analyzes the dependency network topology of your ICT assets and propagates risk algorithmically. This is not a 5×5 matrix — it is a mathematical model with ML prediction.

Request engine demo Architecture →

Problem

Traditional GRC tools use a static probability × impact matrix. They don't see:

  • Cascading threat propagation through the dependency network
  • Cyclic dependencies (SCC) and critical transit nodes
  • Impact of network topology on individual asset risk
  • Trends — no prediction based on historical data

RISKBOW Solution

Impact Calculator Service — a specialized microservice with a 5-stage calculation algorithm:

  • Threat propagation through dependency graph (geometric mean + critical path)
  • 4 graph algorithms: Tarjan SCC, Brandes, Bron-Kerbosch, entropy
  • ML Pipeline (RandomForest) for risk_rating and risk_tolerance prediction
  • Event-driven recalculation in <30s + CRON backup every 30 min

Impact Calculator Architecture

8 REST endpoint groups, OAuth 2.0 + JWT + RBAC, rule versioning with pre-deployment simulation.

API REST (Flask 3.1+)

/v1/rules Calculation rules
/v1/assessments KPI assessments
/v1/facts Facts / events
/v1/models ML models
/v1/tasks Scheduler
/v1/sccs Strongly connected
/v1/cliques Graph cliques
/v1/dicts Dictionaries

Graph analysis

  • SCC Tarjan — dependency cycles
  • CLQ Bron-Kerbosch — cliques
  • BTW Brandes — centrality
  • ENT Structural entropy
  • SRI Structural Risk Index

ML Pipeline

  • RF RandomForest risk_rating
  • RF RandomForest tolerance
  • DT DataTrainer (historyczne)
  • RT RuleTrainer (eksperci)
  • ET ExampleTrainer (fixtures)

7 Risk Event Types

Each event type has a dedicated risk_rating calculation algorithm. The system automatically reacts to changes.

event.vulnerability
Vulnerabilities
Range: 0–580
Critical × exploitable, CVSS, percentage
event.problem
Incidents
Range: 1–100
Impact 1–4, descending scale
event.problem_dora
DORA Problems
Range: 10–200
Elevated regulatory weight
event.cis
CIS Compliance
Range: 0–500
Percentage compliance score
event.missing_am
Missing Asset Mgmt
Constant: 10
event.no_vendor_support
No Vendor Support
Constant: 10
event.missing_sm
Missing Service Mgmt
Constant: 10
Extensible
Add your own event types

Want to see the engine in action?

Schedule a demo and see how threat propagation works on your ICT dependency network.

Request demo