99 lines
4.2 KiB
Markdown
99 lines
4.2 KiB
Markdown
MONARC
|
|
======
|
|
|
|
[![Latest Release](https://img.shields.io/github/release/monarc-project/MonarcAppFO.svg?style=flat-square)](https://github.com/monarc-project/MonarcAppFO/releases/latest)
|
|
![License](https://img.shields.io/github/license/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![Contributors](https://img.shields.io/github/contributors/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
![Stars](https://img.shields.io/github/stars/monarc-project/MonarcAppFO.svg?style=flat-square)
|
|
[![Workflow](https://github.com/monarc-project/MonarcAppFO/workflows/build/badge.svg)](https://github.com/monarc-project/MonarcAppFO/actions?query=build)
|
|
|
|
|
|
Introduction
|
|
------------
|
|
|
|
Depending on its size and its security needs, organisations must react in the
|
|
most appropriate manner. Adopting good practices, taking the necessary measures
|
|
and adjusting them proportionally: all this is part of the process to ensure
|
|
information security. Most of all, it depends on performing a risk analysis on
|
|
a regular basis.
|
|
|
|
Although the profitability of the risk analysis approach is guaranteed, the
|
|
investment represented by this approach in terms of the required cost and
|
|
expertise is a barrier for many companies, especially SMEs.
|
|
|
|
To remedy this situation and allow all organisations, both large and small, to
|
|
benefit from the advantages that a risk analysis offers, CASES has developed an
|
|
optimised risk analysis method: [MONARC](https://www.monarc.lu)
|
|
(**Optimised Risk Analysis Method**), allowing precise and repeatable risk
|
|
management.
|
|
|
|
The advantage of MONARC lies in the capitalisation of risk analyses already
|
|
performed in similar business contexts: the same vulnerabilities regularly
|
|
appear in many businesses, as they face the same threats and generate similar
|
|
risks. Most companies have servers, printers, a fleet of smartphones, Wi-Fi
|
|
antennas, etc. therefore the vulnerabilities and threats
|
|
are the same. It is therefore sufficient to generalise risk scenarios for these
|
|
assets (also called objects) by context and/or business.
|
|
|
|
Documentation
|
|
-------------
|
|
|
|
You will find a user guide and a technical guide on the
|
|
[MONARC website](https://www.monarc.lu/documentation).
|
|
|
|
For installation instructions see
|
|
[INSTALL](https://www.monarc.lu/download/#source-code).
|
|
|
|
You can also use the provided [Virtual Machine](https://vm.monarc.lu).
|
|
|
|
|
|
Contributing
|
|
------------
|
|
|
|
If you are interested to contribute to the MONARC project, review our
|
|
[community page](https://www.monarc.lu/community).
|
|
There are many ways to contribute and participate to the project.
|
|
|
|
Feel free to fork the code, play with it, make some patches and send us the pull
|
|
requests.
|
|
|
|
There is one main branch: what we consider as stable with frequent updates as
|
|
hot-fixes.
|
|
|
|
Features are developed in separated branches and then regularly merged into the
|
|
master stable branch.
|
|
|
|
Please, do not open directly a GitHub issue if you think you have found a
|
|
security vulnerability. See our
|
|
[vulnerability disclosure](https://www.monarc.lu/community/vulnerability-disclosure/)
|
|
page.
|
|
|
|
|
|
License
|
|
-------
|
|
|
|
This software is licensed under
|
|
[GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
|
|
|
|
- Copyright (C) 2016-2023 Luxembourg House of Cybersecurity
|
|
- Copyright (C) 2016-2023 Jérôme Lombardi - https://github.com/jerolomb
|
|
- Copyright (C) 2016-2023 Juan Rocha - https://github.com/jfrocha
|
|
- Copyright (C) 2017-2023 Cédric Bonhomme - https://www.cedricbonhomme.org
|
|
- Copyright (C) 2016-2017 Guillaume Lesniak
|
|
- Copyright (C) 2016-2017 Thomas Metois
|
|
- Copyright (C) 2016-2017 Jérôme De Almeida
|
|
- Copyright (C) 2019-2023 Ruslan Baidan - https://github.com/ruslanbaidan
|
|
|
|
For more information, [the list of authors and contributors](AUTHORS) is available.
|
|
|
|
Data provided with MONARC (threats, assets, vulnerabilities, referentials,
|
|
etc.) are licensed under
|
|
[CC0 1.0 Universal (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) -
|
|
Public Domain Dedication.
|
|
These objects are available through the
|
|
[MONARC Objects Sharing Plarform](https://objects.monarc.lu).
|
|
If a specific author wants to license an object under a different license,
|
|
a pull request can be requested.
|
|
You can find more information about MOSP on the
|
|
[dedicated repository](https://github.com/NC3-LU/MOSP).
|