Security Controls

The Security controls allows you to enable or disable the security controls for all TARA and RRA projects. Changing the enabled status of a security control has effects on the status of the corresponding circumvent tree. The disabled artifacts are excluded from the computations, which may influence the resulting AFR and risk values.

CycurRISK offers the "Disable security controls per threat" feature, with which you can either enable or disable the security controls per threat at once during the project creation.

To use this feature, the respective circumvent tree has to be embedded in the attack tree. When the control is disabled or enabled, the circumvent tree will be deactivated or activated in the attack tree, and the calculation will change.