YSA

How to work collaboratively in itemis SECURE using Git?

Motivation: If you have multiple distributed teams that will work on threat analyses (TARAs) collaboratively, you may need a workflow that serves this purpose. You may want to split the TARA for organizational reasons or to make large projects manageable. The team shall be able to refine its target of evaluation (TOE) and [...]

How much system memory does the itemis SECURE need?

The default memory size is currently 4GB. However, you can adjust the amount of RAM/memory that itemis SECURE is allowed to use by following these steps: 1. Go to the bin folder within the Security-Analyst installation folder. By default, it should be located under "Program Files". 2. There [...]

How may I find the usages of my TARA elements (e.g. Assumptions)?

Given I have an assumption or any other risk analysis element
When I right-click it and select "Find Usages"
Then I see a tool window with a grouped list of usages of that assumption
When I double-click an element of it
Then I see the model element (e.g. Attack Step) that references my [...]

How can I share a composition across multiple projects without copying it?

In short, we will create a project without an assessment model composition, add our prepared composition manually to the project paths, and then make our Analysis-model depend on its models. 1. Create a security analysis project without any Assessment Model Composition. We will add the composition later on by hand. Select origin of Assessment [...]

How can I define stakeholders?

You can specify stakeholders, but the corresponding chunk is not added to the project by default. You have to add it with a right-click on the root node of your analysis (or a folder) in the project explorer. [Screenshot: Specify Stakeholders]

What is the purpose of assumptions?

Assumptions allow you to document constraints like "the backend is secure". Assumptions can also affect the risk calculation: for example, you can specify that the attack feasibility is always "very low" and connect that assumption with threats that you have identified for the backend.

Can I model my system iteratively?

You can add more system elements in future iterations. Because the tool is model-based, it is usually easy to find the places that you have to adapt or update after a change.

How does asset identification work?

Asset identification is related to a special entity called "security goals". After you have modeled your system (or a part of it), you have to decide for each system element whether breaking one or more security attributes (e.g. Confidentiality, Integrity, Availability or Authenticity) of the system element might cause damage. If this is the case, [...]

How can I solve conflicts when merging changes?

If you have conflicting changes, the tool will show you this dialog when merging: [Screenshot: Merge conflict] Models with conflicts will be displayed red. You can select the model and press "Merge..." to solve the conflicts. This will show you a screen like this: [Screenshot: Merge revision] In [...]
