RiskAudit – AI Cybersecurity Risk Assessment Platform

RiskAudit is a cybersecurity risk assessment platform built for organizations that need to evaluate their security posture against Saudi Arabia's NCA Essential Cybersecurity Controls (ECC 2-2024) framework. The platform walks users through a structured questionnaire covering six security domains: Governance & Risk Management, Identity & Access Management, Data Protection, System & Network Protection, Monitoring & Detection, and Awareness & Third-Party Security. Each question carries a risk weight, and the system calculates domain-level and overall risk scores using a weighted scoring algorithm. Once the assessment is complete, the platform sends the results to an AI engine powered by GPT-4.1, which generates a detailed executive report. This report includes a risk summary, top five identified risks, remediation plans broken into short-term, medium-term, and long-term actions, ECC gap mapping across all six domains, and a risk matrix summary. Users can view results through an interactive dashboard featuring risk score gauges, domain breakdowns, and toggleable 3x3 or 4x4 risk matrices. The executive report can be exported as a multi-page PDF with charts and visual summaries. The backend runs on Node.js with Express and MongoDB, handling assessment storage and AI report generation. The frontend is built with React, Redux for state persistence, and Tailwind CSS for a clean, responsive interface with smooth animations.