
2020 02 12 - MONARC Training

The document introduces MONARC, an open source software, community, and method for optimized risk analysis. It describes MONARC as being based on ISO/IEC 27005 but simplified. The MONARC tool allows for risk modeling, inheritance of objects and impacts, and generates shareable deliverables. Future developments include improvements to sharing objects and dashboard visualizations.

Introduction to MONARC

Optimised Risk Analysis Method

Security Made In Lëtzebuerg / CASES

Cyberworld Awareness and Security Enhancements Services

February 12, 2020

Team CASES Introduction to MONARC February 12, 2020 1 / 31


Who we are

Security Made In Lëtzebuerg (SMILE)

Our timeline

2003: Cyberworld Awareness and Security Enhancements Services (CASES);
2007: Computer Incident Response Center Luxembourg (CIRCL);
2010: SMILE is a GIE (Groupement d’Intérêt Économique);
2017: Cyber security Competence Center (C3).


Who we are

CASES

Mission
Promote information security by supporting Luxembourg administrations and SMEs.

Services:

awareness: article publications;
trainings: introduction to cyber security for different audiences [1];
software: MONARC, Fit4Cybersecurity, MOSP, TACOS, etc. [2]

[1] https://www.cases.lu/services/trainings.html
[2] https://github.com/CASES-LU

Who we are

Content at a glance

1 What is MONARC?

2 The method

3 The tool



What is MONARC?

Summary

1 What is MONARC?
An open source software
A community
A method

2 The method

3 The tool



What is MONARC? An open source software

An open source software

Web application (SaaS, self-hosted, virtual machine, etc.);
source code [3] under GNU Affero General Public License version 3;
data under CC0 1.0 Universal (CC0 1.0) - Public Domain Dedication.

For many users, it started with a spreadsheet.

[3] https://github.com/monarc-project

What is MONARC? A community

A community

sharing of risk models and all kinds of objects (assets, threats, vulnerabilities, recommendations, referentials, etc.);
data available via a sharing platform: MOSP [4];
more than 130 organizations on https://my.monarc.lu.

[4] https://objects.monarc.lu/organization/MONARC

What is MONARC? A method

A method
Based on ISO/IEC 27005:2011, but optimized



The method

Summary

1 What is MONARC?

2 The method
Management of risk
An optimized method

3 The tool



The method Management of risk

A Structured, Iterative and Qualitative method

Structured: 1, 2, ..., n.
Iterative: Plan, Do, Check, Act
Qualitative: Values / Consequence
Impact/Consequence, Threat,
Vulnerability;
reputation, image;
operation;
legal;
financial;
person (to the).



The method Management of risk

Automated and simplified management


Method based on ISO/IEC 27005



The method Management of risk

Automated and simplified management


Sub-stages provided by the method are also in line with ISO/IEC 27005



The method Management of risk

ISO/IEC 27005:2011
Information risks

Formula

R = I × T × V

impact on Confidentiality, Integrity, Availability;
on secondary assets.


The method Management of risk

ISO/IEC 27005:2011
Operational risks

Formula

R = I × P

impact on ROLFP;
on primary assets.


The method An optimized method

Optimizations

MONARC is an optimized method:

inheritance;
scope of objects;
models;
deliverables.


The method An optimized method

Inheritance
Modelling



The method An optimized method

Inheritance
Formalisation of the modelling



The method An optimized method

Inheritance
Formalisation of an asset

Example with OV BATI



The method An optimized method

Scope of objects
Global or local assets



The method An optimized method

Inheritance of impacts



The method An optimized method

Deliverables

Shareable templates of deliverables.



The tool

Summary

1 What is MONARC?

2 The method

3 The tool
Architecture
Workshop
Modules
Roadmap



The tool Architecture



The tool Workshop

Let's work a little!

training instance: https://formation.monarc.lu;
login: user en X@monarc.lu, where 01 ≤ X ≤ 15;
password: Password1234!

Preferably use Firefox, alternatively Chrome. But not Internet Explorer.


The tool Modules

Dashboard

provide different visualizations of the current analysis state;
visualizations are exportable (.png, .csv, .pptx).


The tool Modules

Statement of Applicability

Statement of Applicability (SOA) and compliance level for a security referential.


The tool Modules

Record of processing activities

Register of the information treatment for processing activities.



The tool Roadmap

Latest notable developments

port of the backend to Zend Framework 3 (MONARC 2.9.1);
records of processing activities for the GDPR (MONARC 2.9.0);
management of sets of recommendations (MONARC 2.9.0);
connection with MOSP (MONARC 2.8.2);
statement of applicability (MONARC 2.7.0).


The tool Roadmap

Future developments

LDAP;
single sign-on;
improvements of the dashboard towards a security weather forecast;
enhancements to the sharing of MONARC objects (via MOSP [5]);
link between GDPR module and some objects in MONARC;
new front-end.

Idea → Feature request

[5] https://objects.monarc.lu

Services

Services related to MONARC

help at deploying;
help at using;
trainings;
developments, feature requests.

End of the presentation

Thank you for listening.


Contact: info@cases.lu
https://github.com/monarc-project
https://www.monarc.lu
