Company wide settings may be specific to the industry, to the tier, or to the companies individual policies. Such specifics include the Method Configuration with all the names and details on which Attack Feasibility Levels (AFL) or Impact Levels (IL) are used in this company. It also includes Threats and Controls Catalogs. Or detailed configurations on how Risk Values propagate through the tree.
Company wide settings live in a separate solution, sometimes called composition. This is something like an analysis solution, just that there is no analysis inside. Instead, the composition provides rules, settings and catalogs of items that an analysis may rely on. Each analysis relies on exactly one composition. A composition may be used by multiple analyses.
You may play around with it to get an impression on the power of itemis SECURE. Nonetheless, changes to it may need to get propagated through to the projects. When you would like to set up something like this, contact us at security-analyst@itemis.de and we’ll be glad to help you with it.