MonarcAppFO/README.md

100 lines
4.4 KiB
Markdown
Raw Normal View History

2017-08-07 11:01:28 +02:00
MONARC - Method for an Optimised aNAlysis of Risks by CASES
===========================================================
2019-12-17 14:57:44 +01:00
[![Latest Release](https://img.shields.io/github/release/monarc-project/MonarcAppFO.svg?style=flat-square)](https://github.com/monarc-project/MonarcAppFO/releases/latest)
2017-08-07 11:01:28 +02:00
![License](https://img.shields.io/github/license/monarc-project/MonarcAppFO.svg?style=flat-square)
![Contributors](https://img.shields.io/github/contributors/monarc-project/MonarcAppFO.svg?style=flat-square)
![Stars](https://img.shields.io/github/stars/monarc-project/MonarcAppFO.svg?style=flat-square)
2019-12-17 14:27:51 +01:00
[![Workflow](https://github.com/monarc-project/MonarcAppFO/workflows/build/badge.svg)](https://github.com/monarc-project/MonarcAppFO/actions?query=build)
2019-12-17 14:57:44 +01:00
[![Twitter](https://img.shields.io/twitter/follow/MONARCProject.svg?style=social&label=Follow)](https://twitter.com/MONARCproject)
2019-12-17 14:27:51 +01:00
2016-04-12 14:39:18 +02:00
Introduction
------------
2017-08-07 11:01:28 +02:00
2017-10-18 11:02:13 +02:00
Depending on its size and its security needs, organisations must react in the
most appropriate manner. Adopting good practices, taking the necessary measures
and adjusting them proportionally: all this is part of the process to ensure
information security. Most of all, it depends on performing a risk analysis on
a regular basis.
2017-06-21 22:39:25 +02:00
Although the profitability of the risk analysis approach is guaranteed, the
investment represented by this approach in terms of the required cost and
expertise is a barrier for many companies, especially SMEs.
2017-10-18 11:02:13 +02:00
To remedy this situation and allow all organisations, both large and small, to
2017-06-21 22:39:25 +02:00
benefit from the advantages that a risk analysis offers, CASES has developed an
2018-06-08 14:36:44 +02:00
optimised risk analysis method: [MONARC](https://www.monarc.lu)
2017-10-18 11:02:13 +02:00
(**Optimised Risk Analysis Method**), allowing precise and repeatable risk
management.
2017-06-21 22:39:25 +02:00
2017-10-18 11:02:13 +02:00
The advantage of MONARC lies in the capitalisation of risk analyses already
performed in similar business contexts: the same vulnerabilities regularly
appear in many businesses, as they face the same threats and generate similar
risks. Most companies have servers, printers, a fleet of smartphones, Wi-Fi
antennas, etc. therefore the vulnerabilities and threats
are the same. It is therefore sufficient to generalise risk scenarios for these
assets (also called objects) by context and/or business.
2017-02-13 15:39:06 +01:00
2017-06-21 22:54:16 +02:00
Documentation
2017-01-31 10:45:04 +01:00
-------------
2017-10-18 11:02:13 +02:00
You will find a user guide and a technical guide on the
[MONARC website](https://www.monarc.lu/documentation).
2017-06-21 23:02:55 +02:00
2017-07-12 09:22:25 +02:00
For installation instructions see
[INSTALL](https://www.monarc.lu/download/#source-code).
2017-01-31 10:45:04 +01:00
2021-09-08 11:23:56 +02:00
You can also use the provided [Virtual Machine](https://vm.monarc.lu).
2017-10-18 11:02:13 +02:00
2017-08-07 11:01:28 +02:00
Contributing
------------
If you are interested to contribute to the MONARC project, review our
2018-06-08 14:36:44 +02:00
[community page](https://www.monarc.lu/community).
2017-08-07 11:01:28 +02:00
There are many ways to contribute and participate to the project.
Feel free to fork the code, play with it, make some patches and send us the pull
requests.
2017-08-07 11:01:28 +02:00
There is one main branch: what we consider as stable with frequent updates as
hot-fixes.
Features are developed in separated branches and then regularly merged into the
master stable branch.
Please, do not open directly a GitHub issue if you think you have found a
security vulnerability. See our
[vulnerability disclosure](https://www.monarc.lu/community/vulnerability-disclosure/)
page.
2017-08-07 11:01:28 +02:00
2017-02-06 09:18:18 +01:00
License
-------
2017-07-12 09:22:25 +02:00
This software is licensed under
[GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
2022-05-19 11:08:19 +02:00
- Copyright (C) 2016-2022 SECURITYMADEIN.LU
2022-03-21 10:00:38 +01:00
- Copyright (C) 2016-2022 Jérôme Lombardi - https://github.com/jerolomb
- Copyright (C) 2016-2022 Juan Rocha - https://github.com/jfrocha
- Copyright (C) 2017-2022 Cédric Bonhomme - https://www.cedricbonhomme.org
- Copyright (C) 2016-2017 Guillaume Lesniak
- Copyright (C) 2016-2017 Thomas Metois
- Copyright (C) 2016-2017 Jérôme De Almeida
2022-03-21 10:00:38 +01:00
- Copyright (C) 2019-2022 Ruslan Baidan - https://github.com/ruslanbaydan
2018-01-12 21:56:42 +01:00
For more information, [the list of authors and contributors](AUTHORS) is available.
2018-01-25 15:48:12 +01:00
2019-03-04 07:51:04 +01:00
Data provided with MONARC (threats, assets, vulnerabilities, referentials,
etc.) are licensed under
2019-03-04 10:06:47 +01:00
[CC0 1.0 Universal (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) -
Public Domain Dedication.
These objects are available through the
[MONARC Objects Sharing Plarform](https://objects.monarc.lu).
If a specific author wants to license an object under a different license,
2019-12-17 14:57:44 +01:00
a pull request can be requested.
You can find more information about MOSP on the
[dedicated repository](https://github.com/CASES-LU/MOSP).