YAKINDU Security Analyst

Analysing and managing risks of connected systems is an important activity in the development of secure systems. It is a prerequisite for the identification and specification of security requirements and goals, the proper definition of security measures and the necessary validation and verification of security features.

Based on universal security standards and best-practice approaches, such as ISO 27000, ISO15288 and BSI Fundamental Protection and Common Criteria, Security Analyst enables comprehensive risk analysis of technical systems e.g. in the automotive development process.

Our solution is highly customizable making it future safe for upcoming changes or new standards.

See licenses

Capture development object

  • Graphical or textual modeling of the architecture of the system under development (components, interfaces, connections, data)
  • Hierarchical structuring of functions
  • Mapping of functions to architectural elements
Capture development object

Determine security goals

  • Record security goals for selected architectural elements of the development object (functions, data, components, connections)
  • Estimate damage potentials based on damage criteria from selectable damage classes
  • Model dependencies between security goals (Boolean operators)
  • Propagate damage potentials for connected security goals
Determine security goals

Analyze threats

  • Define threats for selected elements of the system
  • Select adequate countermeasures freely or on the basis of catalogs
  • Estimate the effort required to successfully perform an attack based on project risk factors (expertise, know-how, time)
Analyze threats

Assess and document risks

  • Identify risks to selected protection goals, threats and countermeasures
  • Aggregate risk levels across all associated protection goals, threats and countermeasures based on potential damage and attack effort
  • Compose results flexibly and generate reports automatically
Risks

Visualize dependencies and propagation paths

  • Represent modeled dependencies between protection goals, threats and countermeasures as interactive graphs
  • Display propagation paths of calculated values for damage potential and attack effort
Visualize

Assess analyses

  • Create coverage analyses (potential versus modeled protection goals and threats)
  • Record and annotate protection goals and threats intentionally not included in the analysis
  • Identify and resolve inconsistencies
Analyse

Collaboration

  • Attach comments to any model element
  • Save and reuse partial models or analyses
  • Manage inter-departmental and distributed
    analysis versions
  • Use stand-alone or central project files
  • Integrate with existing tool chains through import and export functions
Collaboration