|
PILAR Basic Risk Analysis
and Management Help Files version
2024.1 February, 2024 |
1 First screen.................................................................................................................................. 4
1.1 License............................................................................................................................................... 4
2 Edit / Options.............................................................................................................................. 5
2.1 Options – Likelihood..................................................................................................................... 5
2.2 Options – Effects............................................................................................................................ 6
2.3 Options – Maturity........................................................................................................................ 6
2.4 Options – Special phases............................................................................................................... 6
2.5 Options – ROLL................................................................................................................................ 6
2.6 Deprecated options....................................................................................................................... 6
2.6.1 Options - Authenticity............................................................................................................ 7
2.6.2 Options - Accountability........................................................................................................ 7
3 Reports............................................................................................................................................ 8
3.1 From template................................................................................................................................. 8
3.2 Textual reports.............................................................................................................................. 8
4 Perimeters.................................................................................................................................... 9
5 OK, Cancel, Help....................................................................................................................... 10
6 Main control panel............................................................................................................. 11
6.1 Basic controls.............................................................................................................................. 11
6.2 Project controls.......................................................................................................................... 12
7 Project.......................................................................................................................................... 13
7.1 Project data.................................................................................................................................. 13
7.2 Security domains.......................................................................................................................... 14
7.2.1 Edition..................................................................................................................................... 15
7.2.2 Removal................................................................................................................................... 16
7.3 Project phases............................................................................................................................... 16
7.3.1 Combination and removal of phases............................................................................... 18
7.3.2 Edit one phase....................................................................................................................... 18
7.4 Risk Treatment............................................................................................................................. 19
8 Risk analysis............................................................................................................................. 22
8.1 Assets / Identification............................................................................................................... 22
8.1.1 Layers menu........................................................................................................................... 23
8.1.2 Assets menu............................................................................................................................ 24
8.1.3 Statistics menu...................................................................................................................... 27
8.1.4 Asset operations.................................................................................................................... 28
8.2 Assets / Edit one asset............................................................................................................... 28
8.2.1 Asset classes........................................................................................................................... 30
8.2.2 GDPR: privacy........................................................................................................................ 31
8.3 Assets / Valuation...................................................................................................................... 32
8.3.1 To set a qualitative valuation........................................................................................... 34
8.4 Threats........................................................................................................................................... 35
8.4.1 Aggravating & mitigating factors.................................................................................... 35
8.4.2 Identification......................................................................................................................... 37
8.4.3 TSV – Threat Standard Values.......................................................................................... 38
8.5 Safeguards..................................................................................................................................... 39
8.5.1 Aspect....................................................................................................................................... 39
8.5.2 Type of protection................................................................................................................ 39
8.5.3 Relative weight...................................................................................................................... 40
8.5.4 Additional information....................................................................................................... 40
8.5.5 On safeguards’ tree.............................................................................................................. 40
8.5.6 Valuation per domains........................................................................................................ 41
8.5.6.1 Central table............................ 44
8.5.6.2 Bottom tool bar.......................... 45
8.5.6.3 SoA – Statement of Applicability......... 46
8.5.7 Reference and target phases............................................................................................. 46
8.5.8 Safeguard maturity valuation.......................................................................................... 47
8.5.9 Operation combo.................................................................................................................. 48
8.5.10 Suggest operation.............................................................................................................. 49
8.5.11 Find........................................................................................................................................ 49
8.6 Zones................................................................................................................................................ 50
8.7 Impact & risk.................................................................................................................................. 52
8.7.1 Criticality levels – Colour encoding................................................................................. 52
8.7.2 Indirect risk............................................................................................................................ 52
8.7.2.1 Alternate view........................... 54
9 Security profiles (EVL)..................................................................................................... 56
9.1 EVL - Basic usage.......................................................................................................................... 58
9.2 EVL - View options....................................................................................................................... 63
9.3 EVL - Control options................................................................................................................ 63
9.4 EVL – Applicability...................................................................................................................... 64
9.5 EVL – Mandatory controls...................................................................................................... 65
9.6 EVL - Valuation............................................................................................................................ 65
9.7 EVL – Compensating controls................................................................................................. 67
9.8 EVL – Additional measures....................................................................................................... 68
9.9 EVL - Reference and target phases........................................................................................ 69
9.10 EVL – Valuation by phases...................................................................................................... 69
9.11 EVL - Valuation by security domains.................................................................................. 74