YAKINDU Security Analyst

Analysing and managing risks of connected systems is an important activity in the development of secure systems. It is a prerequisite for the identification and specification of security requirements and goals, the proper definition of security measures and the necessary validation and verification of security features.

Based on universal security standards and best-practice approaches, such as ISO/SAE 21434, UNECE WP.29, ISO 27000, ISO 15288, BSI Fundamental Protection and Common Criteria, Security Analyst enables comprehensive risk analysis of technical systems, for example in the automotive development process.

Our solution is highly customizable, which makes it future-proof against upcoming changes or new standards.


Capture development object

  • Graphical or textual modeling of the architecture of the system under development (the "Item Definition")
  • Build your system using components, channels, data flows and data
  • Hierarchical structuring of functions
  • Mapping of functions to architectural elements
 
 

Determine assets and impact

  • Record security goals for selected architectural elements of the development object (functions, data, components, data flows)
  • Estimate damage potentials based on damage criteria from selectable damage classes
  • Model dependencies between security goals (Boolean operators)
  • Propagate damage potentials for connected security goals

Analyze threat scenarios and attack paths

  • Define threats for selected elements of the system
  • Select adequate countermeasures freely or on the basis of catalogs
  • Estimate the effort required to successfully perform an attack based on project risk factors (expertise, know-how, time)
  • Model dependencies between security goals, threats and controls using interactive graphs
 
 
 

Assess and document risks

  • Identify risks to selected protection goals, threats and countermeasures
  • Aggregate risk levels across all associated protection goals, threats and countermeasures based on potential damage and attack effort
 
 

Generate flexible reports

  • Configure reports compliant with ISO/SAE 21434 and UNECE WP.29
  • Create your custom report from a growing list of report items
  • Export and publish as PDF, DOCX or XLSX

Collaboration

  • Work collaboratively on analyses and merge changes with tool support
  • Import and reuse existing architectures and analyses
  • Exchange analyses with development partners using "openXSAM", the open exchange format for risk analyses
  • Integrate with existing tool chains through import and export functions
 
 
