A system model with focus on security is very helpful to gain a proper understanding of key security attributes. For sustainable analyses an explicit model is indispensable (see Threat Analysis and Risk Assessment) and it is an important basis for advanced tool assistance. Furthermore, such a model can be used as a synchronization artifact with other stakeholders like system architects or software developers. Therefore, you should not shy away from the effort of creating a security system model.

If an existing model of the system architecture shall be imported, it is crucial that appropriate filtering mechanisms can be applied. Implementation-related models are often cluttered with information that is not relevant for security. This is especially important if the model is supposed to be visualized graphically.

If the system model cannot be imported from other sources, e.g. because the project is in an early development phase, graphical editing capabilities are a big help. itemis SECURE provides a graphical editor that is most suitable to model the security relevant aspects of a technical system.

itemis SECURE Example Diagrams