PILAR may generate RTF or HTML texts to be used directly as bulk reports, or to be integrated into your own reports.

The documentation collects the information introduced to PILAR and summarises it in different presentations.

Reports are useful during risk analysis to check that the elements of the system are well recorded, and every stakeholder agrees with the model.

Reports are useful during risk treatment to follow the impact and risk indicators as safeguards are deployed and improved.

Risk summary

A standard all-included report.

Value model (short)

Value model (long)

The report goes through the assets, their dependencies, and their own and accumulated values, dimension by dimension.

—    The short version only presents the list of assets, and the value of the assets with own value.

—    The long version adds full detail, asset by asset.

Zones

            This report lists zones and border elements connecting zones.

Threat report

The report goes through assets and threats, showing the threats on each asset, and the assets exposed to each threat.

Evaluation of safeguards

The report goes safeguard by safeguard, presenting its effectiveness on each phase.

Defects report (report of vulnerabilities)

Similar to the “evaluation of safeguard” report above, but it filters out those safeguards that are good enough. In other words: you select a threshold level, and the safeguards below are reported.

Impact analysis                                         

Presents the impact, accumulated and deflected, on each asset on each phase.

Risk analysis

Presents the risk, accumulated and deflected, on each asset on each phase.

Security profiles (EVL)

Presents the evaluation of the controls of specific security profiles.