PILAR is based on the MAGERIT methodology.
The steps for the implementation of this methodology are as follows:
- Identification of Assets. These are the assets owned by the Organisation classified according to their function.
- Asset valuation. This is the valuation assigned to the asset according to its criticality and taking into account the five dimensions of security.
- Threat Identification. These are events that would degrade the value of assets.
- Frequency. This is how often a threat is expected to occur in a given period of time.
- Degradation. This is how badly the asset would be damaged if the threats materialise.
- Impact. This is an indicator of what may happen when threats occur.
- Risk Calculation. This is the probability of threats to the asset materialising.
- Identification and assessment of safeguards. These are the precise measures to be taken to reduce the risk.
- Calculation of Residual Risk. This is the risk remaining after safeguards have been applied.
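
The steps above can be followed end to end in a small worked calculation. This is an added example, not code from PILAR or MAGERIT; it assumes a simplified quantitative model (impact = value x degradation, risk = impact x frequency, safeguards reduce frequency or degradation by an effectiveness fraction). The dimension names, the 0-10 value scale, the asset, threats and safeguards are all constructed for illustration.

```python
from dataclasses import dataclass

# Dimension names are this example's assumption; the page only says there are five.
DIMENSIONS = ("availability", "integrity", "confidentiality", "authenticity", "traceability")

@dataclass
class Threat:
    name: str
    dimension: str      # security dimension of the asset that the threat degrades
    frequency: float    # expected occurrences per year (constructed)
    degradation: float  # fraction of the asset's value lost, 0..1 (constructed)

@dataclass
class Safeguard:
    threat: str                    # name of the threat it counters
    cuts_frequency: float = 0.0    # assumed effectiveness, 0..1
    cuts_degradation: float = 0.0  # assumed effectiveness, 0..1

def analyse(asset_values, threats, safeguards):
    """Return {threat: (impact, risk, residual_risk)} for one asset."""
    results = {}
    for t in threats:
        if t.dimension not in DIMENSIONS:
            raise ValueError(f"unknown dimension: {t.dimension}")
        if not 0 <= t.degradation <= 1:
            raise ValueError(f"degradation out of range for {t.name}")
        value = asset_values[t.dimension]
        freq, deg = t.frequency, t.degradation
        for s in (s for s in safeguards if s.threat == t.name):
            freq *= 1 - s.cuts_frequency      # safeguards stack multiplicatively
            deg *= 1 - s.cuts_degradation
        impact = value * t.degradation        # assumed model: impact = value x degradation
        risk = impact * t.frequency           # assumed model: risk = impact x frequency
        residual = value * deg * freq         # same formula after safeguards
        results[t.name] = tuple(round(x, 4) for x in (impact, risk, residual))
    return results

# Constructed sample: one asset valued 0-10 in each dimension.
CUSTOMER_DB = {"availability": 8, "integrity": 9, "confidentiality": 10,
               "authenticity": 7, "traceability": 5}
THREATS = [Threat("ransomware", "availability", 0.5, 0.9),
           Threat("credential theft", "confidentiality", 2.0, 0.5)]
SAFEGUARDS = [Safeguard("ransomware", cuts_degradation=0.8),       # e.g. offline backups
              Safeguard("ransomware", cuts_frequency=0.5),         # e.g. endpoint protection
              Safeguard("credential theft", cuts_frequency=0.75)]  # e.g. MFA

if __name__ == "__main__":
    for name, (i, r, rr) in analyse(CUSTOMER_DB, THREATS, SAFEGUARDS).items():
        print(f"{name}: impact={i} risk={r} residual={rr}")
```

Comparing the risk and residual columns per threat shows which safeguards buy the largest reduction and which residual risks still need treatment or acceptance.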