We don’t allow that Threats act on Data element directly, because we consider them “intangible”. Data can only be threatened during transmission or when it is physically stored somewhere. Thus, Threats may only act on a Component, or Data Flow (or Channel in the future). It then automatically affects the transferred Data. However, this has [...]
Yes, we know about several usability problems. We continuously improve usability with every version.
Yes, you can. The mechanism is similar to how you semi-automate the creation of Security Goals and Threats: create or go to an existing Model Assessment chunk and select the corresponding “risk assessment query”: Risk query The Risk query was made for the “one-Risk-per-Threat” way of thinking (see above). Note that you can [...]
We have observed two different ways of thinking about Risks: if damage is in the focus, people prefer to define Risks based on Security Goals, if attack paths and likelihood is in the focus, people prefer Threats. We think that it makes sense to have one Risk for several related elements so that reports become [...]
There is a problem with the Risk Table when available Damage Potentials (DP) or Attack Effort (AE) values are altered. To fix this you have to remove the table and insert it again. Place the cursor somewhere in the table and press Ctrl+Up until it is select completely. Then press Delete to remove it. Press [...]
itemis SECURE is the perfect solution for analyzing and managing the risks of networked systems. itemis SECURE is an immediately deployable, efficient and accessible tool that can be customized and integrated. With the tool, you are also prepared for the future for upcoming changes and new standards!
Standardization Supporting security standards including ISO 27005, ISO/SAE 21434 and IEC 62443 Customization Adaptable for custom assessment and development processes (including TARA) Modeling Guided modeling of system and security properties Reporting Automated generation of audit compliant documents Lifecycle Support Simple update and versioning of analysis iterations
