Electron desktop app for ISO 27005 security risk assessments of engineering projects
- Stars: 36
- Forks: 19
- Open issues: 90
BSD-4-Clause
- JavaScript
- HTML
- CSS

About ISRA Security Risk Assessment Tool
ISRA Security Risk Assessment Tool is an Electron desktop application used internally at Thales Digital Identity and Security to evaluate the security risks of engineering projects. It models business assets, supporting assets, threat agents, vulnerabilities, and risk treatment options in one place.
The workflow follows ISO 27005: define scope, identify business and supporting assets, rate consequences against ISO 25010 security characteristics, score vulnerabilities from 0 to 10, and build attack paths with AND and OR combinations to derive risk levels. Each risk is then accepted or assigned a treatment of mitigate, retain, avoid, or share.
The app is distributed as per-platform packages (the executable is named sratool or SRATool), so it runs offline on a local machine. It ships with a generic JSON schema that can be adapted to an organization's needs, which makes it suited to internal risk-methodology work rather than use as a hosted service.
Key features
- Model business assets, supporting assets, threat agents, and vulnerabilities
- Score vulnerabilities from 0 to 10 against supporting assets
- Build attack paths with AND and OR combinations to derive risk
- Track mitigate, retain, avoid, and share treatment decisions
- Adapt the JSON schema to an organization's needs
Details
- On GitHub since: 2022
- Risk framework: ISO 27005, ISO 25010
- License: BSD-4-Clause
- Runtime: Electron
- Platforms: Windows, macOS, Linux
- Self-hosted: Local desktop app
