81 lines
3.2 KiB
Markdown
81 lines
3.2 KiB
Markdown
MONARC - Method for an Optimised aNAlysis of Risks by CASES
|
|
===========================================================
|
|
|
|
![Latest Release](https://img.shields.io/github/release/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![License](https://img.shields.io/github/license/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![Contributors](https://img.shields.io/github/contributors/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![Stars](https://img.shields.io/github/stars/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
|
|
Introduction
|
|
------------
|
|
|
|
Depending on its size and its security needs, organisations must react in the
|
|
most appropriate manner. Adopting good practices, taking the necessary measures
|
|
and adjusting them proportionally: all this is part of the process to ensure
|
|
information security. Most of all, it depends on performing a risk analysis on
|
|
a regular basis.
|
|
|
|
Although the profitability of the risk analysis approach is guaranteed, the
|
|
investment represented by this approach in terms of the required cost and
|
|
expertise is a barrier for many companies, especially SMEs.
|
|
|
|
To remedy this situation and allow all organisations, both large and small, to
|
|
benefit from the advantages that a risk analysis offers, CASES has developed an
|
|
optimised risk analysis method: [MONARC](http://www.monarc.lu)
|
|
(**Optimised Risk Analysis Method**), allowing precise and repeatable risk
|
|
management.
|
|
|
|
The advantage of MONARC lies in the capitalisation of risk analyses already
|
|
performed in similar business contexts: the same vulnerabilities regularly
|
|
appear in many businesses, as they face the same threats and generate similar
|
|
risks. Most companies have servers, printers, a fleet of smartphones, Wi-Fi
|
|
antennas, etc. therefore the vulnerabilities and threats
|
|
are the same. It is therefore sufficient to generalise risk scenarios for these
|
|
assets (also called objects) by context and/or business.
|
|
|
|
<img src="/docs/ScreenCast.gif" width="100%">
|
|
|
|
Documentation
|
|
-------------
|
|
|
|
You will find a user guide and a technical guide on the
|
|
[MONARC website](http://monarc.lu/).
|
|
|
|
For installation instructions see
|
|
[INSTALL](https://github.com/monarc-project/MonarcAppFO/tree/master/INSTALL).
|
|
|
|
If you want to test MONARC you can use the
|
|
[latest release](https://github.com/monarc-project/MonarcAppFO/releases/latest)
|
|
available as a VirtualBox machine.
|
|
|
|
|
|
Contributing
|
|
------------
|
|
|
|
If you are interested to contribute to the MONARC project, review our
|
|
[community page](http://monarc.lu/pages/community).
|
|
There are many ways to contribute and participate to the project.
|
|
|
|
Feel free to fork the code, play with it, make some patches and send us the pull
|
|
requests via the [issues](https://github.com/monarc-project/MonarcAppFO/issues).
|
|
|
|
There is one main branch: what we consider as stable with frequent updates as
|
|
hot-fixes.
|
|
|
|
Features are developed in separated branches and then regularly merged into the
|
|
master stable branch.
|
|
|
|
Please, do not open directly a GitHub issue if you think you have found a
|
|
security vulnerability. See our
|
|
[vulnerability disclosure](http://monarc.lu/pages/community/vulnerability-disclosure)
|
|
page.
|
|
|
|
|
|
License
|
|
-------
|
|
|
|
This software is licensed under
|
|
[GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
|
|
|
Copyright (C) 2016-2017 SMILE gie securitymadein.lu
|