The Security Designer is a cyber-security risk modelling tool. It enables the user to model a socio-technical system, identifies the threats to the system following the web of attack paths, proposes mitigations drawn from a detailed knowledgebase, and computes the risks from the threat likelihood and business impact. The software supports two standards: ISO 27001 and ISO 27005. ISO 27001 is about how organisations should manage information security risks. ISO 27005 is an asset-based risk analysis procedure, which is generally regarded as the best way to find and understand risks.
The Security Designer (SD) enables automated and systematic identification of risks to the assets (both human and technological) contained in or connected to the i4FS platform. SD also makes it possible to identify the knock-on consequences of these risks and the countermeasures that mitigate them. The tool allows several stakeholders to collaborate on developing the system model and the associated risk catalogue.
The Security Designer combines a comprehensive system model with an innovative machine reasoning technique and a detailed knowledgebase of threats and control strategies to create an unsurpassed view of the risks to a system.
Threat Identification and Control Strategies
This component of Security Designer automatically identifies primary and secondary threats to assets, along with corresponding control strategies, providing users with a comprehensive understanding of required risk management measures for their system.
Weakness Identification and Control Suggestions
Based on the encoded threats and controls in the knowledge base, this component identifies potential weaknesses in the model and suggests appropriate controls to address emerging threats, helping users implement necessary security measures.
Security Modelling and Risk Assessment
Users construct a model by placing assets on the canvas and establishing links between them. Existing security controls are added, and the business impact of threat consequences is described. The software then automatically finds threats and computes risks, facilitating a comprehensive assessment of the system’s security.
Risk Mitigation and Iterative Process
Users address the threats with the highest risk by selecting additional controls or reconfiguring the model, engaging in an iterative process. The last two steps are repeated until an acceptable level of residual risk is achieved, ensuring continuous improvement and effective risk mitigation.
Read our easy-to-follow documentation to learn how to use the i4 Components.