PILAR is based on the MAGERIT methodology.

The steps for the implementation of this methodology are as follows:

  1. Identification of Assets. These are the assets owned by the Organisation classified according to their function.
  2. Asset valuation. This is the valuation assigned to the asset according to its criticality and taking into account the five dimensions of security.
  3. Threat Identification. These are events that would degrade the value of assets.
  4. Frequency. This refers to how often the events occur in a given period of time.
  5. Degradation. This is how badly the asset would be damaged if the threats materialise.
  6. Impact. This is an indicator of what may happen when threats occur.
  7. Risk Calculation. This is the probability of threats to the asset materialising.
  8. Identification and assessment of safeguards. These are the precise measures to be taken to reduce the risk.
  9. Calculation of Residual Risk. This is the risk remaining after safeguards have been applied.
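
The nine steps above carried through for a single asset and threat, as an added example that is not part of PILAR or of the original page. It assumes the quantitative relations impact = value × degradation and risk = impact × frequency, and models each safeguard as an independent multiplicative reduction of frequency and degradation. The dimension names, the 0-10 value scale, the class and function names and all sample figures are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed names for the five security dimensions (the page does not list them).
DIMENSIONS = ("availability", "integrity", "confidentiality", "authenticity", "traceability")

@dataclass
class Threat:
    name: str
    frequency: float      # step 4: expected occurrences per year
    degradation: dict     # step 5: dimension -> fraction of value lost (0..1)

@dataclass
class Safeguard:
    name: str
    freq_reduction: float  # fraction of occurrences prevented (0..1)
    degr_reduction: float  # fraction of damage avoided (0..1), same for every dimension

def impact(value, threat):
    """Step 6: impact per dimension = asset value x degradation."""
    return {d: value.get(d, 0) * threat.degradation.get(d, 0.0) for d in DIMENSIONS}

def risk(value, threat):
    """Step 7: risk per dimension = impact x frequency (assumed relation)."""
    return {d: i * threat.frequency for d, i in impact(value, threat).items()}

def apply_safeguards(threat, safeguards):
    """Step 8: scale the threat's frequency and degradation down by each safeguard."""
    freq, scale = threat.frequency, 1.0
    for s in safeguards:
        freq *= 1.0 - s.freq_reduction
        scale *= 1.0 - s.degr_reduction
    return Threat(threat.name, freq, {d: v * scale for d, v in threat.degradation.items()})

def residual_risk(value, threat, safeguards):
    """Step 9: risk recomputed against the safeguarded threat."""
    return risk(value, apply_safeguards(threat, safeguards))

# Constructed sample data: one asset valued per dimension (steps 1-2), one threat (step 3).
db_value = {"availability": 8, "integrity": 9, "confidentiality": 10,
            "authenticity": 6, "traceability": 4}
ransomware = Threat("ransomware", frequency=0.5,
                    degradation={"availability": 1.0, "integrity": 0.5, "confidentiality": 0.2})
controls = [Safeguard("offline backups", 0.0, 0.5), Safeguard("endpoint detection", 0.5, 0.0)]

if __name__ == "__main__":
    before, after = risk(db_value, ransomware), residual_risk(db_value, ransomware, controls)
    for d in DIMENSIONS:
        print(f"{d:16} risk={before[d]:5.2f}  residual={after[d]:5.2f}")
```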