PILAR RM Risk Analysis and Management
Help Files, version 2024.1 (February 2024)
1 First screen.................................................................................................................................. 5
1.1 License............................................................................................................................................... 5
2 Edit / Options.............................................................................................................................. 6
2.1 Options – Valuation...................................................................................................................... 7
2.2 Options – Likelihood..................................................................................................................... 7
2.3 Options – Effects............................................................................................................................ 7
2.4 Options – Threats.......................................................................................................................... 8
2.5 Options – Maturity........................................................................................................................ 8
2.6 Options – Special phases............................................................................................................... 8
2.7 Options – CSV................................................................................................................................... 9
2.8 Options – Value model.................................................................................................................. 9
2.9 Options – Project phases.............................................................................................................. 9
2.10 Security domains and project phases.................................................................................... 9
2.11 Options – Xor.............................................................................................................................. 10
2.12 Options – Loops.......................................................................................................................... 10
2.13 Options – Save............................................................................................................................. 11
2.14 Options – Export: safeguards............................................................................................... 11
2.15 Options – Cross dimension value transfer....................................................................... 11
2.16 Options – Timing......................................................................................................................... 11
2.17 Options – Privacy risk.............................................................................................................. 12
2.18 Options – Residual risk............................................................................................................ 12
2.19 Options – ROLL........................................................................................................................... 12
2.20 Discontinued............................................................................................................................... 12
2.20.1 Options – Authenticity....................................................................................................... 12
2.20.2 Options – Accountability................................................................................................... 12
2.20.3 Options – LOG (experimental)........................................................................................ 12
3 Reports......................................................................................................................................... 13
3.1 From template.............................................................................................................................. 13
3.2 Textual reports........................................................................................................................... 13
3.3 Graphical reports....................................................................................................................... 14
3.4 Databases....................................................................................................................................... 18
4 Perimeters................................................................................................................................. 18
5 OK, Cancel, Help....................................................................................................................... 19
6 Main control panel............................................................................................................. 20
6.1 Basic controls.............................................................................................................................. 20
6.2 Project controls.......................................................................................................................... 22
7 Project.......................................................................................................................................... 23
7.1 Project data.................................................................................................................................. 23
7.2 Information sources................................................................................................................... 25
7.2.1 Edition..................................................................................................................................... 26
7.3 Applicability stages.................................................................................................................... 28
7.3.1 Edition..................................................................................................................................... 29
7.4 Security domains.......................................................................................................................... 30
7.4.1 Edition..................................................................................................................................... 31
7.4.2 Removal................................................................................................................................... 32
7.5 Dimensions selection.................................................................................................................. 33
7.6 Asset classes selection.............................................................................................................. 34
7.7 Selection of criteria for valuation...................................................................................... 35
7.8 Threats selection........................................................................................................................ 36
7.9 Project phases............................................................................................................................... 37
7.9.1 Combination and removal of phases............................................................................... 38
7.9.2 Edit one phase....................................................................................................................... 39
7.10 Risk Treatment.......................................................................................................................... 40
7.11 Project translation................................................................................................................. 42
7.11.1 Alternative format: CSV.................................................................................................... 43
8 Risk analysis............................................................................................................................. 44
8.1 Assets / Identification............................................................................................................... 44
8.1.1 Layers menu........................................................................................................................... 46
8.1.2 Assets menu............................................................................................................................ 48
8.1.3 Statistics menu...................................................................................................................... 52
8.1.4 Asset operations.................................................................................................................... 52
8.2 Assets / Edit one asset............................................................................................................... 53
8.2.1 Asset classes........................................................................................................................... 54
8.2.2 GDPR: privacy........................................................................................................................ 55
8.3 Assets / Sources........................................................................................................................... 57
8.4 Assets / Classes............................................................................................................................ 59
8.5 Assets / CPE names...................................................................................................................... 61
8.6 Assets / Dependencies................................................................................................................ 64
8.6.1 Dependencies – Layers........................................................................................................ 69
8.6.2 Dependencies – Graph......................................................................................................... 70
8.6.3 Dependencies – Buses.......................................................................................................... 72
8.6.4 Dependencies – Blocks......................................................................................................... 73
8.6.5 Dependencies – Map............................................................................................................ 74
8.6.6 Dependencies per dimension of security........................................................................ 75
8.7 Assets / Valuation...................................................................................................................... 77
8.7.1 Valuation by domains.......................................................................................................... 77
8.7.2 Valuation asset by asset...................................................................................................... 79
8.7.3 To set a qualitative valuation........................................................................................... 83
8.7.4 To set a quantitative valuation......................................................................................... 84
8.7.5 To nullify a valuation........................................................................................................... 85
8.7.6 Availability valuation.......................................................................................................... 86
8.8 Zones................................................................................................................................................ 88
8.8.1 Asset classes........................................................................................................................... 88
8.8.2 Zones and borders................................................................................................................ 89
8.8.3 Zone definition....................................................................................................................... 90
8.8.4 Attack paths........................................................................................................................... 91
8.8.5 Border protection................................................................................................................. 92
8.8.6 Time analysis......................................................................................................................... 94
8.9 Threats........................................................................................................................................... 97
8.9.1 Aggravating & mitigating factors.................................................................................... 97
8.9.2 Identification......................................................................................................................... 98
8.9.3 Valuation.............................................................................................................................. 102
8.9.4 TSV – Threat Standard Values........................................................................................ 104
8.9.5 Technical vulnerabilities (CVE)...................................................................................... 105
8.10 Incidents.................................................................................................................................... 109
8.10.1 Edit one incident.............................................................................................................. 109
8.11 Safeguards................................................................................................................................ 111
8.11.1 Aspect.................................................................................................................................. 111
8.11.2 Type of protection............................................................................................................ 111
8.11.3 Relative weight................................................................................................................. 111
8.11.4 Hooks................................................................................................................................... 111
8.11.5 Additional information.................................................................................................. 112
8.11.6 On safeguards’ tree.......................................................................................................... 112
8.11.7 Applicability summary................................................................................................... 113
8.11.8 Valuation (phases).......................................................................................................... 114
8.11.8.1 Central table.......................... 116
8.11.8.2 Bottom tool bar........................ 118
8.11.8.3 SoA – Statement of Applicability....... 119
8.11.9 Valuation (domains)....................................................................................................... 119
8.11.10 Reference and target phases...................................................................................... 120
8.11.11 Safeguard maturity valuation................................................................................... 121
8.11.12 Operation combo........................................................................................................... 122
8.11.13 Suggest operation......................................................................................................... 123
8.11.14 Find................................................................................................................................... 124
8.12 Security actions...................................................................................................................... 126
8.12.1 Security action.................................................................................................................. 127
8.13 Risk scenarios.......................................................................................................................... 129
8.13.1 Edit one risk scenario..................................................................................................... 130
8.13.2 Automated estimation of residual risk...................................................................... 132
8.13.3 Manual calculus of residual risk.................................................................................. 132
8.14 Impact & risk............................................................................................................................. 133
8.14.1 Criticality levels – Colour encoding............................................................................ 133
8.14.2 Accumulated impact....................................................................................................... 133
8.14.2.1 Alternate view......................... 135
8.14.3 Accumulated risk............................................................................................................. 136
8.14.3.1 Alternate view......................... 138
8.14.4 Accumulated impact and risk table............................................................................ 138
8.14.4.1 Impact summary......................... 141
8.14.4.2 Risk summary........................... 141
8.14.5 Deflected impact.............................................................................................................. 142
8.14.5.1 Alternate view......................... 145
8.14.6 Deflected risk.................................................................................................................... 145
8.14.7 Deflected impact and risk table................................................................................... 145
8.14.7.1 Impact summary......................... 147
8.14.7.2 Risk summary........................... 148
9 Security profiles (EVL)................................................................................................... 149
9.1 EVL – Basic usage........................................................................................................................ 151
9.2 EVL – View options..................................................................................................................... 154
9.3 EVL – Control options.............................................................................................................. 154
9.4 EVL – Hooks.................................................................................................................................. 155
9.5 EVL – Applicability................................................................................................................... 156
9.6 EVL – Mandatory controls.................................................................................................... 157
9.7 EVL – Valuation.......................................................................................................................... 158
9.8 EVL – Compensating controls............................................................................................... 159
9.9 EVL – Additional measures.................................................................................................... 160
9.10 EVL – Reference and target phases.................................................................................. 162
9.11 EVL – Valuation by phases................................................................................................... 162
9.12 EVL – Valuation by security domains................................................................................ 167
9.13 Groups of security domains................................................................................................. 167
9.14 Mapping (EVL → EVL)............................................................................................................ 169