This website has been translated by machine translation software and has not been subsequently revised by translators. Further information at: link. Hide
the accesskey _ mod _ content
-

Tools for analysis and risk management

  • Short Name:
    PILLAR
    Summary:
    PILLAR combines TIC assets of a system with the possible threats, calculated risks and allows us to incorporate safeguards to reduce risk to acceptable residual values. This allows us to substantiate confidence in the system.

    FREE USE FOR THE AAPP ESPAÑOLAS (General, Autonomous Governments, Local and Universities).
    Target audience:
    Any Public Administration
    Agencies Responsible:
    DEFENCE MINISTRY
    National intelligence center
    National Criptologico centre
    Usage:
    Installable product
    Contact:

    https :// www.ccn-cert.cni.es/
    Option Tools. Section Pillar

    Type of Solution:
    Application
    Status of the Solution:
    Production
    Organic Area:
    State
    Technical Area:
    Security infrastructure and Identity Management
    Functional Area:
    Government and the public Sector
    License:
    License Owner
    Interoperability level:
    Technical
    Programming language:
    JAVA
    Operating system:
    MAC, Linux, Windows

    Description

    Purpose:

    Public organizations increasingly dependent of information technologies and communications (TICK) to achieve its goals of service. The raison d'être of PILLAR is directly related to the widespread use of electronic media, computer and online, which makes clear benefits for users; but also gives rise to certain risks that must be minimized with security measures that generate confidence in the use of such media.

    PILLAR interest to all those who work with mechanized information and computer systems that the deal. if such information or services provided through it are valuable, PILLAR will allow them to know how much this value is at stake and help them to protect it.

    Objective:

    The objectives pursued by the tool pillar are:

    • Perform risk analysis according to the methodology Magerit and ISO/IEC 27005.
    • Design of the plan to improve security.

    Description:

    PILAR consiste en una aplicación informática que compila los activos del sistema, sus relaciones de interdependencia y su valor para la organización. Conocido el sistema, permite introducir las amenazas posibles en los aspectos de disponibilidad, integridad, confidencialidad, autenticidad y trazabilidad, para derivar los riesgos potenciales sobre el sistema.

    Once known risks, you can determine a series of safeguards and estimate the residual risk. In the treatment of risk is a continuous process and recurrent in which the potección system is improving regularly to face new risks and increase confidence that the system deserves for perpetrators and users.

    Requirements:

    Personal computer with windows, linux or MacOSX and virtual machine java 2.
    Optionally you can use a repository of type database with access SQL.

    Results:

    Tool for monitoring continues the rule of risk and monitoring of projects to improve security.

    The results obtained from the use of this tool are as follows:

    • Potential impact and residual.
    • Potential risk and residual.
    • Map of risks.
    • Plan to improve security
    • The state continues monitoring risk

    Advantages:

    The advantages which the use of the tool:

    • Know the risks to treat them.
    • Conocer el grado de cumplimiento de diferentes perfiles de seguridad: 27002, protección de datos de carácter personal, esquema nacional de seguridad, etc.
    • Implement the methodology Magerit and ISO/IEC 27005
    Subscriptions

    In this area you can register to receive notification of changes that occur in news, documents or forums associated with the settlement or the active semantic.

    The fields with an asterisk * are required. It must mark at least one of the subscription rushes (News, documents or forums) and indicate the email in the text field indicated for the high or low of subscription.

    Enter the email with which you want to receive notifications of the solution or the active semantic.

    *

    You can consult the data protection policy of PAe and CTT in its legal notice

    Enter the email to unsubscribe from the unsubscribe.
General access point
General access point
Maintainer