Public organizations increasingly depend on information and communication technologies (ICT) to achieve their service goals. The raison d'être of PILLAR is directly related to the widespread use of electronic, computer and online media, which brings clear benefits for users but also gives rise to certain risks that must be minimized with security measures that generate confidence in the use of such media.
PILLAR is of interest to all those who work with mechanized information and the computer systems that handle it. If such information, or the services provided through it, are valuable, PILLAR will allow them to know how much of this value is at stake and help them to protect it.
The objectives pursued by the PILLAR tool are:
- Perform risk analysis according to the Magerit methodology and ISO/IEC 27005.
- Design the plan to improve security.
PILLAR is a software application that compiles the assets of the system, their interdependence relationships and their value to the organization. Once the system is known, you can enter the possible threats in terms of availability, integrity, confidentiality, authenticity and traceability, to derive the potential risks to the system.
Once the risks are known, you can determine a series of safeguards and estimate the residual risk. Risk treatment is a continuous and recurrent process in which the protection system is improved regularly to face new risks and increase the confidence that the system deserves from those responsible for it and its users.
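The calculation described above, as an added example that is not PILLAR's own code: a simplified, assumed model in which an asset's value accumulates on the assets it depends on, impact is value times degradation, and risk is impact times likelihood. The asset names, the 0-10 value scale, the safeguard effectiveness figures and the formulas are all constructed for illustration.

```python
# Simplified, assumed risk model; not PILLAR's algorithm or its scales.
DIMENSIONS = ("availability", "integrity", "confidentiality",
              "authenticity", "traceability")

# Constructed sample system: own value per dimension on an assumed 0-10 scale.
OWN_VALUE = {
    "citizen_records": {"availability": 6, "integrity": 9, "confidentiality": 10},
    "web_portal": {"availability": 8, "authenticity": 7},
}
# asset -> assets it depends on (assumed acyclic); damage below propagates upward.
DEPENDS_ON = {
    "citizen_records": ["db_server"],
    "web_portal": ["db_server"],
    "db_server": ["datacenter"],
}

def accumulated_value(asset, dim):
    """Own value, or the highest value of any asset that depends on this one."""
    best = OWN_VALUE.get(asset, {}).get(dim, 0)
    for upper, lowers in DEPENDS_ON.items():
        if asset in lowers:
            best = max(best, accumulated_value(upper, dim))
    return best

def assess(threat, safeguard=None):
    """Return (impact, risk); with a safeguard these are the residual figures."""
    if threat["dimension"] not in DIMENSIONS:
        raise ValueError("unknown dimension: " + threat["dimension"])
    degradation, likelihood = threat["degradation"], threat["likelihood"]
    if safeguard:
        degradation *= 1 - safeguard["reduces_degradation"]
        likelihood *= 1 - safeguard["reduces_likelihood"]
    impact = accumulated_value(threat["asset"], threat["dimension"]) * degradation
    return round(impact, 2), round(impact * likelihood, 2)

def risk_map(threats, safeguards):
    """Potential and residual figures per threat, highest residual risk first."""
    rows = [{"threat": t["name"], "potential": assess(t),
             "residual": assess(t, safeguards.get(t["name"]))} for t in threats]
    return sorted(rows, key=lambda r: r["residual"][1], reverse=True)

# Constructed threats: degradation as a 0-1 fraction, likelihood as events per year.
THREATS = [
    {"name": "power outage", "asset": "datacenter", "dimension": "availability",
     "degradation": 1.0, "likelihood": 0.5},
    {"name": "data leak", "asset": "db_server", "dimension": "confidentiality",
     "degradation": 0.5, "likelihood": 0.25},
]
SAFEGUARDS = {"power outage": {"reduces_degradation": 0.75, "reduces_likelihood": 0.5}}

if __name__ == "__main__":
    for row in risk_map(THREATS, SAFEGUARDS):
        print(row)
```

The datacenter has no value of its own here; its risk comes entirely from the assets that depend on it, and once the safeguard is applied the untreated data leak becomes the highest residual risk.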
Personal computer with Windows, Linux or Mac OS X and a Java 2 virtual machine.
Optionally, a database-type repository with SQL access can be used.
Tool for continuous monitoring of the state of risk and for monitoring projects to improve security.
The results obtained from using this tool are the following:
- Potential and residual impact.
- Potential and residual risk.
- Risk map.
- Plan to improve security.
- Continuous monitoring of the state of risk.
The advantages of using the tool are:
- Know the risks in order to treat them.
- Know the degree of compliance with different security profiles: 27002, protection of personal data, National Security Scheme, etc.
- Implement the Magerit methodology and ISO/IEC 27005.