Security Designer

The Security Designer is a cyber-security risk modelling tool. It enables the user to model a socio-technical system, identifies the threats to the system following the web of attack paths, proposes mitigations drawn from a detailed knowledgebase, and computes the risks from the threat likelihood and business impact. The software supports two standards: ISO 27001 and ISO 27005. ISO 27001 is about how organisations should manage information security risks. ISO 27005 is an asset-based risk analysis procedure, which is generally regarded as the best way to find and understand risks.

The Security Designer (SD) enables automated and systematic identification of risks to the assets (both human and technological) contained in or connected to the i4FS platform. SD also identifies the knock-on consequences of those risks and the countermeasures that mitigate them. The tool allows several stakeholders to collaborate on developing the system model and the associated risk catalogue.

Benefits

The Security Designer combines a comprehensive system model with an innovative machine reasoning technique and a detailed knowledgebase of threats and control strategies to create an unsurpassed view of the risks to a system.

Threat Identification and Control Strategies

This component of Security Designer automatically identifies primary and secondary threats to assets, along with corresponding control strategies, providing users with a comprehensive understanding of required risk management measures for their system.

Weakness Identification and Control Suggestions

Based on the encoded threats and controls in the knowledge base, this component identifies potential weaknesses in the model and suggests appropriate controls to address emerging threats, helping users implement necessary security measures.

Security Modelling and Risk Assessment

Users construct a model by placing assets on the canvas and establishing links between them. Existing security controls are added, and the business impact of threat consequences is described. The software then automatically finds threats and computes risks, facilitating a comprehensive assessment of the system’s security.

Risk Mitigation and Iterative Process

Users address the threats with the highest risk by selecting additional controls or reconfiguring the model, engaging in an iterative process. The last two steps are repeated until an acceptable level of residual risk is achieved, ensuring continuous improvement and effective risk mitigation.

Additional resources

Learn more about i4FS by visiting the project website for general information, the wiki for information about the core components, and the Technical Manual for API documentation, or by downloading the repository’s source code.

Training Academy

Get a better understanding of the global architecture and information flow.

Source code

Our source code is open source and available on our GitLab repository.

Software Documentation

Read our easy-to-follow documentation to learn how to use the i4 Components.