EAR  >  tools

EAR / tools Environment for the Analysis of Risk

PILAR - Risk Analysis and Management

To treat risk you use

• safeguards (or countermeasures)
• security policies
• security procedures

assessing residual risk over various stages of treatment.

Business Impact Analysis and Continuity of Operations

To treat risk you use

• safeguards (or countermeasures)
• backup elements
• disaster recovery plans

assessing residual risk over various stages of treatment.

RMAT (Risk Management Additional Tools) -
Customization tools

EVL - Security profiles

Criteria for security evaluation / certification / accreditation that are specific for a sector or a standard.
E.g. personal data protection laws and regulations.

TSV - Threat profiles

Establishing standard vulnerability values for threats against assets.
That is, adapting to an scenario of system deployment.

KB - Additional protections

It details specific instructions for the administrators, on specific asset types.

RMAT provides the means to generate and maintain customised profiles that can be dynamically added to the analysis tools as easily as copying them in the library directory.

Customisation tools are not intended for final users, but rather for consultants and big organisations.

BLANCA - Library Management

• classes of assets
• typical threats
• standard safeguards
• standard items for policies
• standard procedures

altogether with the nowledge of how good is a safeguard against a threat (in order to make recommendations, and estimate a residual risk value).

The existence of a standard library has a number of benefits:

to the final user:

that may focus on his problem: to identify and valuate the assets, threats, and safeguards

to the reader of risk reports:

that uses a standard terminology, and may easily compare different risk analysis

to the aditor:

that reads the risk reports using a standard terminology

Library management tools are not intended for final users, and are not distributed regularly.