2017-08-07 11:01:28 +02:00
|
|
|
MONARC - Method for an Optimised aNAlysis of Risks by CASES
|
|
|
|
===========================================================
|
|
|
|
|
|
|
|
![Latest Release](https://img.shields.io/github/release/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
|
|
![License](https://img.shields.io/github/license/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
|
|
![Contributors](https://img.shields.io/github/contributors/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
|
|
![Stars](https://img.shields.io/github/stars/monarc-project/MonarcAppFO.svg?style=flat-square)
|
2016-04-12 14:39:18 +02:00
|
|
|
|
|
|
|
Introduction
|
|
|
|
------------
|
2017-08-07 11:01:28 +02:00
|
|
|
|
2017-10-18 11:02:13 +02:00
|
|
|
Depending on its size and its security needs, organisations must react in the
|
|
|
|
most appropriate manner. Adopting good practices, taking the necessary measures
|
|
|
|
and adjusting them proportionally: all this is part of the process to ensure
|
|
|
|
information security. Most of all, it depends on performing a risk analysis on
|
|
|
|
a regular basis.
|
2017-06-21 22:39:25 +02:00
|
|
|
|
|
|
|
Although the profitability of the risk analysis approach is guaranteed, the
|
|
|
|
investment represented by this approach in terms of the required cost and
|
|
|
|
expertise is a barrier for many companies, especially SMEs.
|
|
|
|
|
2017-10-18 11:02:13 +02:00
|
|
|
To remedy this situation and allow all organisations, both large and small, to
|
2017-06-21 22:39:25 +02:00
|
|
|
benefit from the advantages that a risk analysis offers, CASES has developed an
|
2018-06-08 14:36:44 +02:00
|
|
|
optimised risk analysis method: [MONARC](https://www.monarc.lu)
|
2017-10-18 11:02:13 +02:00
|
|
|
(**Optimised Risk Analysis Method**), allowing precise and repeatable risk
|
|
|
|
management.
|
2017-06-21 22:39:25 +02:00
|
|
|
|
2017-10-18 11:02:13 +02:00
|
|
|
The advantage of MONARC lies in the capitalisation of risk analyses already
|
|
|
|
performed in similar business contexts: the same vulnerabilities regularly
|
|
|
|
appear in many businesses, as they face the same threats and generate similar
|
|
|
|
risks. Most companies have servers, printers, a fleet of smartphones, Wi-Fi
|
|
|
|
antennas, etc. therefore the vulnerabilities and threats
|
|
|
|
are the same. It is therefore sufficient to generalise risk scenarios for these
|
|
|
|
assets (also called objects) by context and/or business.
|
2017-02-13 15:39:06 +01:00
|
|
|
|
2017-06-21 22:54:16 +02:00
|
|
|
Documentation
|
2017-01-31 10:45:04 +01:00
|
|
|
-------------
|
|
|
|
|
2017-10-18 11:02:13 +02:00
|
|
|
You will find a user guide and a technical guide on the
|
2018-07-08 01:06:39 +02:00
|
|
|
[MONARC website](https://www.monarc.lu/documentation).
|
2017-06-21 23:02:55 +02:00
|
|
|
|
2017-07-12 09:22:25 +02:00
|
|
|
For installation instructions see
|
|
|
|
[INSTALL](https://github.com/monarc-project/MonarcAppFO/tree/master/INSTALL).
|
2017-01-31 10:45:04 +01:00
|
|
|
|
2018-11-07 08:43:18 +01:00
|
|
|
You can also use the provided Virtual Machine
|
|
|
|
[Virtual Machine](https://github.com/monarc-project/MonarcAppFO/releases/latest).
|
2017-05-26 10:36:54 +02:00
|
|
|
|
2017-10-18 11:02:13 +02:00
|
|
|
|
2017-08-07 11:01:28 +02:00
|
|
|
Contributing
|
|
|
|
------------
|
|
|
|
|
|
|
|
If you are interested to contribute to the MONARC project, review our
|
2018-06-08 14:36:44 +02:00
|
|
|
[community page](https://www.monarc.lu/community).
|
2017-08-07 11:01:28 +02:00
|
|
|
There are many ways to contribute and participate to the project.
|
|
|
|
|
|
|
|
Feel free to fork the code, play with it, make some patches and send us the pull
|
2018-07-08 01:06:39 +02:00
|
|
|
requests.
|
2017-08-07 11:01:28 +02:00
|
|
|
|
|
|
|
There is one main branch: what we consider as stable with frequent updates as
|
|
|
|
hot-fixes.
|
|
|
|
|
|
|
|
Features are developed in separated branches and then regularly merged into the
|
|
|
|
master stable branch.
|
|
|
|
|
2017-08-21 09:03:49 +02:00
|
|
|
Please, do not open directly a GitHub issue if you think you have found a
|
|
|
|
security vulnerability. See our
|
2018-07-08 01:06:39 +02:00
|
|
|
[vulnerability disclosure](https://www.monarc.lu/community/vulnerability-disclosure/)
|
2017-08-21 09:03:49 +02:00
|
|
|
page.
|
|
|
|
|
2017-08-07 11:01:28 +02:00
|
|
|
|
2017-02-06 09:18:18 +01:00
|
|
|
License
|
|
|
|
-------
|
|
|
|
|
2017-07-12 09:22:25 +02:00
|
|
|
This software is licensed under
|
|
|
|
[GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
2017-02-06 08:24:06 +01:00
|
|
|
|
2019-02-28 22:21:45 +01:00
|
|
|
- Copyright (C) 2016-2019 Jérôme Lombardi - https://github.com/jerolomb
|
|
|
|
- Copyright (C) 2016-2019 Juan Rocha - https://github.com/jfrocha
|
|
|
|
- Copyright (C) 2016-2019 SMILE gie securitymadein.lu
|
|
|
|
- Copyright (C) 2017-2019 Cédric Bonhomme - https://github.com/cedricbonhomme
|
2018-01-25 21:38:45 +01:00
|
|
|
- Copyright (C) 2016-2017 Guillaume Lesniak
|
|
|
|
- Copyright (C) 2016-2017 Thomas Metois
|
|
|
|
- Copyright (C) 2016-2017 Jérôme De Almeida
|
2018-01-12 21:56:42 +01:00
|
|
|
|
|
|
|
For more information, [the list of authors and contributors](AUTHORS) is available.
|
2018-01-25 15:48:12 +01:00
|
|
|
|
2019-03-04 07:51:04 +01:00
|
|
|
Data provided with MONARC (threats, assets, vulnerabilities, referentials,
|
|
|
|
etc.) are licensed under
|
2019-03-04 10:06:47 +01:00
|
|
|
[CC0 1.0 Universal (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) -
|
|
|
|
Public Domain Dedication.
|
2019-03-04 07:50:10 +01:00
|
|
|
These objects are available through the
|
|
|
|
[MONARC Objects Sharing Plarform](https://objects.monarc.lu).
|
2018-09-26 10:39:38 +02:00
|
|
|
If a specific author wants to license an object under a different license,
|
|
|
|
a pull request can be requested.
|
|
|
|
|