EAR / PILAR
Environment for the Analysis of Risk
EAR provides a set of tools for analysis and management.
It specializes in Information and Communications Systems,
and supports the methodology
provided by the Spanish Administration:,
are subject to
when do happen,
degrade [the value of] the asset.
The cost of a happening is called
If we are able to estimate the frequency of threat happenings,
then tools can estimate the
to which the system is subject.
Degradation and frequency are the means to estimate
the vulnerability of the system.
The system manager has the option to deploy
either to reduce the frequency,
or to limit the impact.
The degree of effectiveness of these safeguards,
the system becomes subject to a
EAR provides a standard library for assets, threats and safeguards.
It is able to derive security ratings against widely
known security standards, such as
- ISO/IEC 27002:2005 - Code of practice for information security management
- SP800-53:2006 - Recommended Security Controls for Federal Information Systems
EAR/PILAR has been partly funded by the
Centro Criptológico Nacional
(Spanish National Security Agency).