The complexity of networked systems requires that security risks be analysed at an early stage. If this analysis is carried out only at the end of software and system development, resources are tied up, error handling addresses symptoms instead of causes, and the danger of cyber attacks increases.
A modular risk assessment method provides a secure system concept and can also be applied to existing systems. Fraunhofer AISEC developed the Modular Risk Assessment (MoRA) method for this purpose. The methodical procedure is supported by the Security Analyst tool, which was developed in cooperation with itemis AG. The security of software and systems can be evaluated uniformly, comparably and comprehensibly on the basis of a risk model. In addition, MoRA is characterised by repeatability and high adaptability to the respective application domain.