EAR / PILAR
Environment for the Analysis of Risk
EAR provides a set of tools for analysis and management. It is specialized on Information and Communications Systems, and supports the methodology Magerit provided by the Spanish Administration:,
Assets are subject to threats that, when do happen, degrade [the value of] the asset. The cost of a happening is called impact. If we are able to estimate the frequency of threat happenings, then tools can estimate the risk to which the system is subject. Degradation and frequency are the means to estimate the vulnerability of the system.
System manager has an option to deploy safeguards, either to reduce the frequency, or to limit the impact. The degree of effectiveness of these safeguards, the system becomes subject to a residual risk.
EAR provides a standard library for assets, threats and sefeguards. Furthermore, it is able to derive security califications against widely known security standards, such as
EAR/PILAR has been partly funded by the Centro Criptológico Nacional (Spanish National Security Agency).