Motivation In case you have multiple distributed teams, which will work on threat analyses (TARAs) collaboratively, you may need a workflow that serves this purpose. You may want to split the TARA for organizational reasons or to make large projects manageable. The team shall be able to refine its target of evaluation (TOE) and [...]
At the moment, the current default size for the memory is 4GB. However, you can adapt the size of the RAM/memory, itemis SECURE is allowed to use, on your own by following these steps: 1. Go to the bin-folder within the Security-Analyst Installation folder. Per default it should be located under "Program Files". 2. There [...]
Given I have an assumption or any other risk analysis element When I right click it and select "Find Usages" Then I see a tool window with a grouped list of usages of that assumption When I double click an element of it Then I see the model element (e.g. Attack Step) that references my [...]
We will basically create a project without assessment model composition, include our prepared composition manually to the project paths and then make our Analysis-model depend on its models. 1. Create a security analysis project without any Assessment Model Composition. We will add the composition later on by hand. Select origin of Assessment [...]
You can specify stakeholders, but the corresponding chunk is not added to the project by default. You have to add it with a right-click on the root node of your analysis (or a folder) in the project explorer. Specify Stakeholders
Assumptions allow you to document constraints like "the backend is secure". Assumptions can also affect the risk calculation: for example, you can specify that the attack feasibility is always "very low" and connect that assumption with threats that you have identified for the backend.
You can add more system elements in future iterations. Because the tool is model-based, it is mostly easy to find the places that you have to adapt / update after a change.
Asset identification is related to a special entity called "security goals". After you have modeled your system (or a part of it), you have to decide for each system element, if breaking one or multiple security attributes (e.g. Confidentiality, Integrity, Availability or Authenticity) of the system element might cause damage. If this is the case, [...]
If you have conflicting changes, the tool will show you this dialog when merging: Merge conflict Models with conflicts will be displayed red. You can select the model and press "Merge..." to solve the conflicts. This will show you a screen like this: Merge revision In [...]
After updating itemis SECURE the internal structures used to store the data might have changed. You have to migrate your project before you can go on. You can safely use the wizard which guides you through the migration process.