Methodology

EAR tools support the analysis and risk management of an information system following the Magerit methodology.

Magerit

Assets are exposed to threats that, when they materialise, degrade the asset, producing an impact. If we estimate the frequency with which threats materialise, we can deduce the risk to which the system is exposed.

Degradation and frequency qualify the vulnerability of the system. The information system manager has safeguards in place, which either reduce the frequency of occurrence, or reduce or limit the impact. Depending on the degree of implementation of these safeguards, the system moves to a new risk estimate, which is called residual risk.
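A worked example of the model described above, added here and not taken from Magerit or the EAR/PILAR tools. It assumes the quantitative form impact = value × degradation and risk = impact × frequency, and that each safeguard scales frequency or degradation by its effectiveness times its degree of implementation; all names and figures are constructed.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    name: str
    degradation: float  # fraction of the asset's value lost when it materialises (0..1)
    frequency: float    # estimated occurrences per year

@dataclass
class Safeguard:
    name: str
    threat: str                  # threat the safeguard applies to
    cuts_frequency: float = 0.0  # effectiveness at full implementation (0..1), assumed
    cuts_impact: float = 0.0     # effectiveness at full implementation (0..1), assumed
    implemented: float = 0.0     # degree of implementation (0..1)

def risk(value, degradation, frequency):
    """Assumed model: impact = value * degradation, risk = impact * frequency."""
    return value * degradation * frequency

def residual_risk(value, threat, safeguards):
    """Apply each matching safeguard in proportion to how far it is implemented."""
    d, f = threat.degradation, threat.frequency
    for s in safeguards:
        if s.threat == threat.name:
            f *= 1 - s.cuts_frequency * s.implemented
            d *= 1 - s.cuts_impact * s.implemented
    return risk(value, d, f)

def assess(value, threats, safeguards):
    """Return (threat, potential risk, residual risk), highest residual first."""
    rows = [(t.name, risk(value, t.degradation, t.frequency),
             residual_risk(value, t, safeguards)) for t in threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample data for one asset (a file server valued at 100000).
ASSET_VALUE = 100_000
THREATS = [Threat("ransomware", 0.8, 0.5), Threat("disk failure", 0.5, 0.2)]
SAFEGUARDS = [
    Safeguard("offline backups", "ransomware", cuts_impact=0.75, implemented=1.0),
    Safeguard("mail filtering", "ransomware", cuts_frequency=0.5, implemented=0.5),
    Safeguard("disk mirroring", "disk failure", cuts_impact=0.9, implemented=0.0),
]

if __name__ == "__main__":
    for name, potential, residual in assess(ASSET_VALUE, THREATS, SAFEGUARDS):
        print(f"{name:13} potential={potential:9.0f} residual={residual:9.0f}")
```

With these figures the planned but unimplemented safeguard leaves disk failure as the largest residual risk, even though ransomware has the larger potential risk.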

PILAR has a general-purpose standard library and can perform security ratings against widely known standards such as:

  • ISO/IEC 27002 (2005, 2013) - Code of Practice for Information Security Management
  • ENS - National Security Scheme

More information on Magerit (3.0):