This website has been translated by machine translation software and has not been subsequently revised by translators. Further information at: link. Hide
accesskey _ mod _ content
-

Tools for analysis and risk management

  • Short Name:
    PILLAR
    Summary:
    PILLAR combines ICT assets of a system with the possible threats, calculated risks and enable us to incorporate safeguards to reduce the risk to acceptable residual values. This allows us to base their confidence in the system.

    USO LIBRE PARA LAS AAPP ESPAÑOLAS (General, Autonómica, Local y Universidades).
    Target audience:
    Every Public Administration
    Responsible Agencies:
    MINISTRY OF DEFENCE
    National intelligence centre
    National Criptologico centre
    Usage:
    Product installable
    Contact:

    https :// www.ccn-cert.cni.es/
    By Choosing Tools Section Pillar.

    Type of Solution:
    Implementation
    State of the solution:
    Production
    Organic Área:
    State
    Technical Área:
    Security infrastructure and identity management
    Functional Área:
    Government and Public Sector
    License:
    A Proprietary Licence
    Interoperability level:
    Technical
    Programming language:
    JAVA
    Operating system:
    MAC, Linux, Windows

    Description

    Purpose:

    Public organizations increasingly dependent on information and communication technologies (ICT) to achieve its goals of service. The raison d'être of PILLAR is directly related to the widespread use of electronic media, computer and telematic means that some obvious benefits for users; but also gave rise to certain risks, which should be minimized through security measures that will generate confidence in the use of such means.

    PILLAR in the interests of all those who work with mechanized and information systems that address. If this information or services provided by it are valuable, PILLAR will allow them to know how much of this value is at stake and help them protect it.

    Objective:

    The objectives pursued by the Tool Pillar are:

    • Realizar el análisis de riesgos según la metodología Magerit e ISO/IEC 27005.
    • Design of the plan for improving security.

    Description:

    PILAR consiste en una aplicación informática que compila los activos del sistema, sus relaciones de interdependencia y su valor para la organización. Conocido el sistema, permite introducir las amenazas posibles en los aspectos de disponibilidad, integridad, confidencialidad, autenticidad y trazabilidad, para derivar los riesgos potenciales sobre el sistema.

    Una vez conocidos los riesgos, se pueden determinar una serie de salvaguardas y estimar el riesgo residual. En tratamiento del riesgo es un proceso continuo y recurrente en el que el sistema de potección se va mejorando regularmente para afrontar nuevos riesgos y aumentar la confianza que el sistema merece para los responsables y los usuarios.

    Requirements:

    Ordenador personal con windows, linux o MacOSX y máquina virtual java 2.
    Here you can use a repository of type database with access To standard SQL.

    Results:

    Herramienta para la monitorización continúa del estado de riesgo y seguimiento de proyectos de mejora de la seguridad.

    The results obtained from the use of this tool are as follows:

    • Potential impact and residuary.
    • Potential risk and vulnerability.
    • Hazard map.
    • Plan to improve the security council
    • Monitoring continues to the state of Risk

    Advantages:

    The advantages of the use of tools:

    • The knowledge of risks in order to deal with them.
    • To know the extent of compliance with different profiles: 27002 security, protection of personal data, national security, etc.
    • Implement the methodology Magerit and ISO/IEC 27005
    Subscriptions

    En esta área podrá darse de alta para recibir las notificaciones de cambios que se realicen en noticias, documentos o foros relacionados con la solución o el activo semántico.

    Los campos con asterisco * son obligatorios. Se debe marcar al menos una de las copiones de suscripción (Noticias, Documentos o Foros) e indicar el correo en el campo de texto indicado para el alta o la baja de suscripción.

    Introduzca el email con el que desea recibir las notificaciones de la solución o del activo semántico.

    *

    Puede consultar la política de protección de datos del PAe y CTT en su  legal notice

    Enter the email to unsubscribe from the subscription.
Responsible