YAKINDU Security Analyst user guide

Security Analyst insight

itemis Security Analyst is a model-based software solution for threat analyses and risk assessments (TARA) of technical systems. It supports your threat analysis and risk assessment throughout the entire life cycle in a sophisticated manner, providing full compliance with ISO/SAE 21434 and UN Regulation No. 155.

First steps

Welcome to itemis Security Analyst! In this chapter you’ll learn how to get started with itemis Security Analyst. This includes installation, general introduction and creating your initial project.

Tool overview

This section explains how to use this tool to conduct your TARA which is an engineering methodology to identify, prioritize, and respond to cyber threats through the application of countermeasures that reduce susceptibility to a cyber attack. The subsequent sections will provide you with an overview and clarify some important characteristics.

Method configuration

The method configuration serves as a foundation for all calculations taking place in itemis Security Analyst. It contains the domain-specific sets of feasibility options, impact options, impact categories, etc.

Threat analysis and risk assessment

This chapter provides information for each process step, that is needed as part of a threat analysis and risk assessment (TARA). The following subsections correspond to these core activities.

Report generation

Security Analyst reports can be created in DOCX and PDF formats. To generate and display the corresponding document, right-click on the chunk in the project explorer, and select Generate Report (docx) or Generate Report (pdf). Alternatively, if a chunk is selected, buttons available in the main editor window’s bottom section.

Catalogs

Catalogs in itemis Security Analyst consist of a threats catalog, a controls catalog, and a technologies catalog. Each catalog features pre-evaluated elements to be re-used across your TARAs and prepares for future automation throughout the TARA lifecycle.

Import and export

The import and export chapter covers everything you need to know to import and export data to and from the Security Analyst. As most users of Security Analyst already have existing models, Security Analyst provides two ways to import data. You have the following options to import data into the tool:

Advanced features

Some advanced features might not be needed in everyday use of itemis Security Analyst. These are covered in this chapter and includes scripting capabilities, details about the XSAM exchange format, the MPS platform and version control system intergration.