This website has been translated by machine translation software and has not been subsequently revised by translators. Further information at: link. Hide
the accesskey _ mod _ content
-

Tools for analysis and risk management

  • Short Name:
    PILLAR
    Summary:
    PILLAR combines TIC assets of a system with the possible threats, calculated risks and allows us to incorporate safeguards to reduce risk to acceptable residual values. This allows us to substantiate confidence in the system.

    FREE USE FOR THE AAPP ESPAÑOLAS (General, Autonomous Governments, Local and Universities).
    Target audience:
    Any Public Administration
    Agencies Responsible:
    DEFENCE MINISTRY
    National intelligence center
    National Criptologico centre
    Usage:
    Installable product
    Contact:

    https :// www.ccn-cert.cni.es/
    Option Tools. Section Pillar

    Type of Solution:
    Application
    Status of the Solution:
    Production
    Organic Area:
    State
    Technical Area:
    Security infrastructure and Identity Management
    Functional Area:
    Government and the public Sector
    License:
    License Owner
    Interoperability level:
    Technical
    Programming language:
    JAVA
    Operating system:
    MAC, Linux, Windows

    Description

    Purpose:

    Public organizations increasingly dependent of information technologies and communications (TICK) to achieve its goals of service. The raison d'être of PILLAR is directly related to the widespread use of electronic media, computer and online, which makes clear benefits for users; but also gives rise to certain risks that must be minimized with security measures that generate confidence in the use of such media.

    PILLAR interest to all those who work with mechanized information and computer systems that the deal. if such information or services provided through it are valuable, PILLAR will allow them to know how much this value is at stake and help them to protect it.

    Objective:

    The objectives pursued by the tool pillar are:

    • Perform risk analysis according to the methodology Magerit and ISO/IEC 27005.
    • Design of the plan to improve security.

    Description:

    PILLAR is a software application that compiles the assets of the system, its relations of interdependence and its value to the organization. Known the system, you can enter the possible threats in aspects of availability, integrity, confidentiality, authenticity and traceability, to derive the potential risks on the system.

    Once known risks, you can determine a series of safeguards and estimate the residual risk. In the treatment of risk is a continuous process and recurrent in which the potección system is improving regularly to face new risks and increase confidence that the system deserves for perpetrators and users.

    Requirements:

    Ordenador personal con windows, linux o MacOSX y máquina virtual java 2.
    Opcionalmente se puede usar un repositorio de tipo base de datos con acceso SQL.

    Results:

    Tool for monitoring continues the rule of risk and monitoring of projects to improve security.

    Los resultados que se obtienen con el uso de esta herramienta son los siguientes:

    • Potential impact and residual.
    • Potential risk and residual.
    • Map of risks.
    • Plan to improve security
    • The state continues monitoring risk

    Advantages:

    The advantages which the use of the tool:

    • Know the risks to treat them.
    • Knowing the degree of fulfilment of different profiles of security: 27002, protection of personal data, national security scheme, etc.
    • Implement the methodology Magerit and ISO/IEC 27005

    Subscriptions

    In this area you can register to receive notification of changes that occur in news, documents or forums associated with the settlement or the active semantic.

    - PAe subscription management

    The fields with an asterisk * are required. It must mark at least one of the subscription rushes (News, documents or forums) and indicate the email in the text field indicated for the high or low of subscription.

    Enter the email with which you want to receive notifications of the solution or the active semantic.

    *

    Enter the email to unsubscribe from the unsubscribe.
General access point
General access point
Maintainer