98 lines
4.2 KiB
Markdown
98 lines
4.2 KiB
Markdown
MONARC - Method for an Optimised aNAlysis of Risks by CASES
|
|
===========================================================
|
|
|
|
|
|
|
|
|
|
|
|
[](https://github.com/monarc-project/MonarcAppFO/actions?query=build)
|
|
[](https://twitter.com/MONARCproject)
|
|
|
|
|
|
Introduction
|
|
------------
|
|
|
|
Depending on its size and its security needs, organisations must react in the
|
|
most appropriate manner. Adopting good practices, taking the necessary measures
|
|
and adjusting them proportionally: all this is part of the process to ensure
|
|
information security. Most of all, it depends on performing a risk analysis on
|
|
a regular basis.
|
|
|
|
Although the profitability of the risk analysis approach is guaranteed, the
|
|
investment represented by this approach in terms of the required cost and
|
|
expertise is a barrier for many companies, especially SMEs.
|
|
|
|
To remedy this situation and allow all organisations, both large and small, to
|
|
benefit from the advantages that a risk analysis offers, CASES has developed an
|
|
optimised risk analysis method: [MONARC](https://www.monarc.lu)
|
|
(**Optimised Risk Analysis Method**), allowing precise and repeatable risk
|
|
management.
|
|
|
|
The advantage of MONARC lies in the capitalisation of risk analyses already
|
|
performed in similar business contexts: the same vulnerabilities regularly
|
|
appear in many businesses, as they face the same threats and generate similar
|
|
risks. Most companies have servers, printers, a fleet of smartphones, Wi-Fi
|
|
antennas, etc. therefore the vulnerabilities and threats
|
|
are the same. It is therefore sufficient to generalise risk scenarios for these
|
|
assets (also called objects) by context and/or business.
|
|
|
|
Documentation
|
|
-------------
|
|
|
|
You will find a user guide and a technical guide on the
|
|
[MONARC website](https://www.monarc.lu/documentation).
|
|
|
|
For installation instructions see
|
|
[INSTALL](https://github.com/monarc-project/MonarcAppFO/tree/master/INSTALL).
|
|
|
|
You can also use the provided Virtual Machine
|
|
[Virtual Machine](https://github.com/monarc-project/MonarcAppFO/releases/latest).
|
|
|
|
|
|
Contributing
|
|
------------
|
|
|
|
If you are interested to contribute to the MONARC project, review our
|
|
[community page](https://www.monarc.lu/community).
|
|
There are many ways to contribute and participate to the project.
|
|
|
|
Feel free to fork the code, play with it, make some patches and send us the pull
|
|
requests.
|
|
|
|
There is one main branch: what we consider as stable with frequent updates as
|
|
hot-fixes.
|
|
|
|
Features are developed in separated branches and then regularly merged into the
|
|
master stable branch.
|
|
|
|
Please, do not open directly a GitHub issue if you think you have found a
|
|
security vulnerability. See our
|
|
[vulnerability disclosure](https://www.monarc.lu/community/vulnerability-disclosure/)
|
|
page.
|
|
|
|
|
|
License
|
|
-------
|
|
|
|
This software is licensed under
|
|
[GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
|
|
|
- Copyright (C) 2016-2019 Jérôme Lombardi - https://github.com/jerolomb
|
|
- Copyright (C) 2016-2019 Juan Rocha - https://github.com/jfrocha
|
|
- Copyright (C) 2016-2019 SMILE gie securitymadein.lu
|
|
- Copyright (C) 2017-2019 Cédric Bonhomme - https://github.com/cedricbonhomme
|
|
- Copyright (C) 2016-2017 Guillaume Lesniak
|
|
- Copyright (C) 2016-2017 Thomas Metois
|
|
- Copyright (C) 2016-2017 Jérôme De Almeida
|
|
|
|
For more information, [the list of authors and contributors](AUTHORS) is available.
|
|
|
|
Data provided with MONARC (threats, assets, vulnerabilities, referentials,
|
|
etc.) are licensed under
|
|
[CC0 1.0 Universal (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) -
|
|
Public Domain Dedication.
|
|
These objects are available through the
|
|
[MONARC Objects Sharing Plarform](https://objects.monarc.lu).
|
|
If a specific author wants to license an object under a different license,
|
|
a pull request can be requested.
|