updated get top risks prompt

2025-09-29 14:07:15 +02:00
parent 98f5801bad
commit d2ff9690a1
14 changed files with 202 additions and 32 deletions


@@ -13,7 +13,7 @@ from django.contrib.staticfiles.finders import find
import matplotlib.image as mpimg
site_domain = settings.SITE_DOMAIN
import random
import re
def extract_organization_details(organization):
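Review bot: the new `import re` lands after the module-level `site_domain = settings.SITE_DOMAIN` assignment instead of with the other imports; move it up next to `import random` (stdlib imports grouped and sorted) so the import block stays contiguous and linters such as isort/flake8 do not flag it.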
@@ -51,26 +51,84 @@ def get_top_risk(organization):
organization_details = extract_organization_details(organization)
prompt = f"""
You are an AI risk assessor. Based on the following company details and list of known risks,
identify the 10 most critical risks for this company. Respond only with risk IDs.
You are an expert cybersecurity risk analyst. Your task is to identify
the top 10 most critical cybersecurity risks for a client based on
their specific company profile and a comprehensive risk catalog. Your
analysis must be logical, evidence-based, and directly tied to the
client's details.
Company Details:
{organization_details}
Methodology:
List of Risks:
{risk_list}
Analyze the Company Profile: Carefully review all details provided
about the company, including its industry, size (revenue and
employees), IT dependency, regulatory requirements, and operational
characteristics (e.g., remote work, third-party vendors, internal
development).
Provide only the 10 most critical risk IDs in a simple comma-separated format, e.g "1,3,7,12,..."
Evaluate the Risk Catalog: Review the provided list of known risks.
Map Profile to Risks: Correlate specific details from the company
profile to the risks in the catalog. For example:
A company in the Financial sector subject to GDPR is highly
susceptible to "Privacy Regulation Violation" (Risk ID 61).
A company with significant "Internal Software Development" is more
vulnerable to "CI/CD Pipeline Compromise" (Risk ID 30) and "Source
Code Exposure" (Risk ID 9).
High dependency on a "Cloud Provider" increases the criticality of
"Cloud Provider Service Outage" (Risk ID 20).
Prioritize by Impact: Determine the most critical risks by assessing
the potential impact (financial, operational, reputational, and
regulatory) on this specific company. A risk is critical if it poses a
severe threat to the company's core operations, data, or compliance
standing.
Final Selection: Select the 10 risks with the highest criticality and
provide a clear, concise justification for each choice.
Company Details:
{organization_details}
List of Risks:
{risk_list}
Required Output Format:
Provide your response as a numbered list from 1 to 10. For each item,
include the Risk ID, the Risk Name, and a brief, one-sentence
justification that links a specific company detail to why that risk is
critical.
Example:
Risk ID 18 (Ransomware Infection): Critical due to the company's high
IT dependency and the severe operational and financial impact a
ransomware event would cause.
Risk ID 61 (Privacy Regulation Violation): Critical because the
company operates under GDPR, making any breach of personal data a
significant legal and financial liability.
"""
response = client.chat.completions.create(
model="gpt-4o-mini",
messages=[{"role": "system", "content": prompt}]
)
risk_ids = response.choices[0].message.content.strip().split(",")
return [int(risk_id) for risk_id in risk_ids if risk_id.isdigit()]
content = response.choices[0].message.content.strip()
matches = re.findall(
r'Risk ID\s*(\d+)\s*\((.*?)\)\*\*:\s*(.+?)(?=\n\d+\.|\Z)', content, re.DOTALL
)
results = []
for risk_id, risk_name, explanation in matches:
results.append({
"risk_id": int(risk_id),
"risk_name": risk_name.strip(),
"explanation": explanation.strip()
})
return results
def get_controls_for_risk(risk, organization):
client = OpenAI(api_key=settings.OPENAI_API_KEY)
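Review bot: the parsing regex on the `re.findall` line requires a literal `**:` after the closing parenthesis (`\)\*\*:`), i.e. a markdown-bold risk name, but the prompt's own "Required Output Format" example shows plain `Risk ID 18 (Ransomware Infection): Critical ...` with no asterisks, so unless the model happens to bold the name, `matches` is empty and `get_top_risk` silently returns `[]`. Make the bold markers optional, e.g. `r'\**Risk ID\s*(\d+)\s*\((.*?)\)\**:\s*(.+?)(?=\n\d+\.|\Z)'`, and log or raise when fewer than the requested 10 items are parsed rather than returning an empty list. Two further points: the return type changes from a list of ints to a list of dicts, so every caller of `get_top_risk` must be updated in this same commit; and the removed `isdigit()` filter was the only check on the IDs, so the parsed `risk_id` values should be validated against the IDs actually present in `risk_list` (a hallucinated ID must not reach the rest of the pipeline), and `explanation` is free-form model output that should be treated as untrusted text and escaped wherever it is rendered.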