EAR / Tools
EAR uses libraries to provide standard knowledge on
altogether with the nowledge of how good is a safeguard against a threat (in order to make recommendations, and estimate a residual risk value).
The existence of a standard library has a number of benefits:
to the final user:
that may focus on his problem: to identify and valuate the assets, threats, and safeguards
to the reader of risk reports:
that uses a standard terminology, and may easily compare different risk analysis
to the aditor:
that reads the risk reports using a standard terminology
Library management tools are not intended for final users, and are not distributed regularly.