C5-DEC CAD

Posted June 2024 and filed under Products Open Source.

C5-DEC, short for “Common Criteria for Cybersecurity, Cryptography, Clouds – Design, Evaluation and Certification”, is a sub-project of the CyFORT project, which in turn stands for “Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience”.

C5-DEC CAD, the software component of C5-DEC, is a suite of tools for computer-aided design and development (CAD), mainly dealing with the creation and evaluation of secure IT systems according to the Common Criteria standards, the secure software development life cycle (SSDLC), and what we refer to as cyber-physical system security assessment (CPSSA).

This repository contains the source code and full documentation (requirements, technical specifications, user manual, test case specifications and test reports) of C5-DEC CAD, exemplifying the C5-DEC method, which relies on storing, interlinking and processing all software development life cycle (SDLC) artifacts in a unified manner.

Trick2MonarcApi

Posted June 2024 and filed under Products Open Source.

Trick2MonarcApi is an open source Java API for MONARC (Optimised Risk Analysis Method), which allows risk information from other sophisticated risk management tools such as TRICK Service (Tool for Risk management of an ISMS based on a Central Knowledge base) to be imported by facilitating changes to the MONARC JSON data file. The tool has been developed to migrate risk information from several organisations within the scope of NIS into the data format required by the NIS regulator in Luxembourg.

This project conforms to MONARC version 2.12.7. The API reads a JSON data file exported from MONARC, interprets a subset of that file, and creates Java objects from the elements it can interpret. After the Java objects have been processed by the API, it can export a JSON file compliant with MONARC version 2.12.7.

The tool has been released as open source as part of the CyFORT project initiative, making its main features available for use and inviting further contributions.

DRAW

Posted December 2023 and filed under Products Open Source.

DRAW (Dependencies for a Risk Analysis on a WhiteBoard) is an open source tool by itrust consulting, used to represent assets and their dependencies graphically. Assets are represented as nodes in the graph, and a dependency is represented as an edge from one asset to another. Each asset carries its name and its type; for example, the asset may be a Financial asset, a Business process, etc. Each edge carries the dependency information and a probability, which expresses the chance that one asset impacts the other.


ARIANA

Posted December 2023 and filed under Products Open Source.

To streamline standardized documentation, facilitate document editing, and support consultants in audit tasks, the Quality Management department of itrust consulting introduced “ARIANA” (Assistance for Reporting on Information system Audits with Normative Assessment). This powerful tool is built on integrated Word and Excel VBA programs, ensuring a seamless experience. ARIANA enhances efficiency by enabling easy navigation, maintaining standardized formatting, and providing reliable document editing capabilities.