In this section we explain how to get started with Security Concept Phase, in particular how to integrate the new Elements into Existing Projects and how to make sure that the Risk Model is set up properly for the Security Concept Phase.
To assist you in seamlessly incorporating the Security Concept Phase into your ongoing projects, we provide a streamlined action to establish the foundational chunks and assistants. This includes a dedicated Report chunk, ensuring that you can promptly initiate the process of documenting the purpose of Controls and Assumptions.
For that, assuming you don’t have any chunks of the new Security Concept Phase yet, there is an action in the context menu of Analysis Solutions, to add all the new Assistants and the default chunks into the selected model.
By executing this action, you’ll efficiently integrate the essential building blocks for the Security Concept Phase, allowing you to focus on documenting the purpose of Controls and Assumptions right away. This streamlined process is designed to simplify the transition and enable you to seamlessly incorporate the Security Concept Phase into your existing projects.
To align with the Security Concept Phase, we have made updates to existing workflows, primarily aimed at establishing a connection between existing entities and the new elements. These changes aim to create a more cohesive and user-friendly experience.
With our highly customizable Risk Model, the choice of Risk Treatments is at your discretion. To fully utilize the advantages of the new Security Concept Phase types, it’s important to inform itemis SECURE about how these types fit into your existing Risk Treatments design and how associated Risks will be managed. This involves specifying whether a Risk treated by your custom Treatments would lead to Goals or Claims.
When migrating to the new version of itemis SECURE, we offer assistance for the default Treatments aligned with ISO 21434 recommendations. For your existing models, simply open your project in the updated version, and we will provide educated guesses based on the suggested sources. However, for any custom Treatments, the responsibility lies with you to provide the necessary information.
To determine whether your Risk Model requires additional input, refer to either the Composition solution or the MethodConfiguration model. It’s crucial to address missing leads to values, as they will trigger warnings. Alternatively, you can perform a “Pre-Update Check” after migrating your project by navigating to Migration -> Run Pre-Update Check in the main menu. This check will highlight any missing leads to values, marked as "migrate manually" results, allowing you to address them promptly.