81 lines
3.4 KiB
Markdown
81 lines
3.4 KiB
Markdown
MONARC - Method for an Optimised aNAlysis of Risks by CASES
|
|
===========================================================
|
|
|
|
![Latest Release](https://img.shields.io/github/release/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![License](https://img.shields.io/github/license/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![Contributors](https://img.shields.io/github/contributors/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![Stars](https://img.shields.io/github/stars/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
|
|
Introduction
|
|
------------
|
|
|
|
[CASES](https://www.cases.lu) promotes information security through the use of
|
|
behavioral, organizational and technical measures. Depending on its size and its
|
|
security needs, organizations must react in the most appropriate manner.
|
|
Adopting good practices, taking the necessary measures and adjusting them
|
|
proportionally: all this is part of the process to ensure information security.
|
|
Most of all, it depends on performing a risk analysis on a regular basis.
|
|
|
|
Although the profitability of the risk analysis approach is guaranteed, the
|
|
investment represented by this approach in terms of the required cost and
|
|
expertise is a barrier for many companies, especially SMEs.
|
|
|
|
To remedy this situation and allow all organizations, both large and small, to
|
|
benefit from the advantages that a risk analysis offers, CASES has developed an
|
|
optimised risk analysis method:
|
|
[MONARC](https://github.com/monarc-project/MonarcAppFO)
|
|
(Method for an Optimised aNAlysis of Risks by CASES), allowing precise and
|
|
repeatable risk management.
|
|
|
|
The advantage of MONARC lies in the capitalization of risk analyses already
|
|
performed in similar business contexts: the same vulnerabilities
|
|
regularly appear in many businesses, as they face the same threats and generate
|
|
similar risks. Most companies have servers, printers, a fleet of smartphones,
|
|
Wi-Fi antennas, etc. therefore the vulnerabilities and threats are the same.
|
|
It is therefore sufficient to generalize risk scenarios for these assets (also
|
|
called objects) by context and/or business.
|
|
|
|
More information:
|
|
[Optimised risk analysis Method](https://www.cases.lu/index-quick.php?dims_op=doc_file_download&docfile_md5id=56ee6ff569a40a5b52bed0e526a6a77f) (pdf)
|
|
|
|
|
|
Documentation
|
|
-------------
|
|
|
|
For a general user documentation see
|
|
[here](https://github.com/monarc-project/MonarcAppFO/tree/master/docs).
|
|
|
|
For installation instructions see
|
|
[INSTALL](https://github.com/monarc-project/MonarcAppFO/tree/master/INSTALL).
|
|
|
|
|
|
Contributing
|
|
------------
|
|
|
|
If you are interested to contribute to the MONARC project, review our
|
|
[community page](https://monarc-project.github.io/pages/community/).
|
|
There are many ways to contribute and participate to the project.
|
|
|
|
Feel free to fork the code, play with it, make some patches and send us the pull
|
|
requests via the [issues](https://github.com/monarc-project/MonarcAppFO/issues).
|
|
|
|
There is one main branch: what we consider as stable with frequent updates as
|
|
hot-fixes.
|
|
|
|
Features are developed in separated branches and then regularly merged into the
|
|
master stable branch.
|
|
|
|
Please, do not open directly a GitHub issue if you think you have found a
|
|
security vulnerability. See our
|
|
[vulnerability disclosure](https://monarc-project.github.io/pages/community/vulnerability-disclosure)
|
|
page.
|
|
|
|
|
|
License
|
|
-------
|
|
|
|
This software is licensed under
|
|
[GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
|
|
|
Copyright (C) 2016-2017 SMILE gie securitymadein.lu
|