Why can’t Threats act on Data?

We don’t allow Threats to act on Data elements directly, because we consider Data “intangible”. Data can only be threatened during transmission or when it is physically stored somewhere. Thus, Threats may only act on a Component or a Data Flow (or a Channel in the future). The Threat then automatically affects the transferred Data. However, this has [...]

Can I automate creation of Risk elements?

Yes, you can. The mechanism is similar to how you semi-automate the creation of Security Goals and Threats: create or go to an existing Model Assessment chunk and select the corresponding “risk assessment query”. The Risk query was made for the “one-Risk-per-Threat” way of thinking (see above). Note that you can [...]

Why can I define Risks over Security Goals, Threats and Controls?

We have observed two different ways of thinking about Risks: if damage is in the focus, people prefer to define Risks based on Security Goals; if attack paths and likelihood are in the focus, people prefer Threats. We think that it makes sense to have one Risk for several related elements so that reports become [...]

The Risk Table shows errors / is broken

There is a problem with the Risk Table when the available Damage Potential (DP) or Attack Effort (AE) values are altered. To fix this, you have to remove the table and insert it again. Place the cursor somewhere in the table and press Ctrl+Up until the table is selected completely. Then press Delete to remove it. Press [...]

Why do I need the itemis SECURE?

itemis SECURE is the perfect solution for analyzing and managing the risks of networked systems. itemis SECURE is an immediately deployable, efficient and accessible tool that can be customized and integrated. With the tool, you are also prepared for upcoming changes and new standards!

Which functionalities are offered by the itemis SECURE?

Standardization: Supporting security standards including ISO 27005, ISO/SAE 21434 and IEC 62443

Customization: Adaptable for custom assessment and development processes (including TARA)

Modeling: Guided modeling of system and security properties

Reporting: Automated generation of audit compliant documents

Lifecycle Support: Simple update and versioning of analysis iterations
