This website has been translated by machine translation software and has not been subsequently revised by translators. Further information at: link. Hide
the accesskey _ mod _ content

Tools for analysis and risk management

  • Short Name:
    PILLAR combines TIC assets of a system with the possible threats, calculated risks and allows us to incorporate safeguards to reduce risk to acceptable residual values. This allows us to substantiate confidence in the system.

    FREE USE FOR THE AAPP ESPAÑOLAS (General, Autonomous Governments, Local and Universities).
    Target audience:
    Any Public Administration
    Agencies Responsible:
    National intelligence center
    National Criptologico centre
    Installable product

    https ://
    Option Tools. Section Pillar

    Type of Solution:
    Status of the Solution:
    Organic Area:
    Technical Area:
    Security infrastructure and Identity Management
    Functional Area:
    Government and the public Sector
    License Owner
    Interoperability level:
    Programming language:
    Operating system:
    MAC, Linux, Windows



    Public organizations increasingly dependent of information technologies and communications (TICK) to achieve its goals of service. The raison d'être of PILLAR is directly related to the widespread use of electronic media, computer and online, which makes clear benefits for users; but also gives rise to certain risks that must be minimized with security measures that generate confidence in the use of such media.

    PILAR interesa a todos aquellos que trabajan con información mecanizada y los sistemas informáticos que la tratan. Si dicha información o los servicios que se prestan gracias a ella son valiosos, PILAR les permitirá saber cuánto de este valor está en juego y les ayudará a protegerlo.


    The objectives pursued by the tool pillar are:

    • Perform risk analysis according to the methodology Magerit and ISO/IEC 27005.
    • Design of the plan to improve security.


    PILLAR is a software application that compiles the assets of the system, its relations of interdependence and its value to the organization. Known the system, you can enter the possible threats in aspects of availability, integrity, confidentiality, authenticity and traceability, to derive the potential risks on the system.

    Once known risks, you can determine a series of safeguards and estimate the residual risk. In the treatment of risk is a continuous process and recurrent in which the potección system is improving regularly to face new risks and increase confidence that the system deserves for perpetrators and users.


    Ordenador personal con windows, linux o MacOSX y máquina virtual java 2.
    Opcionalmente se puede usar un repositorio de tipo base de datos con acceso SQL.


    Tool for monitoring continues the rule of risk and monitoring of projects to improve security.

    Los resultados que se obtienen con el uso de esta herramienta son los siguientes:

    • Potential impact and residual.
    • Potential risk and residual.
    • Map of risks.
    • Plan to improve security
    • The state continues monitoring risk


    The advantages which the use of the tool:

    • Know the risks to treat them.
    • Conocer el grado de cumplimiento de diferentes perfiles de seguridad: 27002, protección de datos de carácter personal, esquema nacional de seguridad, etc.
    • Implement the methodology Magerit and ISO/IEC 27005

    In this area you can register to receive notification of changes that occur in news, documents or forums associated with the settlement or the active semantic.

    Los campos con asterisco * son obligatorios. Se debe marcar al menos una de las copiones de suscripción (Noticias, Documentos o Foros) e indicar el correo en el campo de texto indicado para el alta o la baja de suscripción.

    Introduzca el email con el que desea recibir las notificaciones de la solución o del activo semántico.


    Puede consultar la política de protección de datos del PAe y CTT en su  legal notice

    Enter the email to unsubscribe from the unsubscribe.
General access point
General access point