Published under Risk Management

Tool Identity Card

General information
Basic information to identify the product

Tool name : EAR / Pilar (EAR is commercial / PILAR is public administration restricted)
Vendor name : A.L.H. J. Mañas
Country of origin : Spain

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : CCN (Spanish National Security Agency)

Brief description of the product
Give a brief description of the product containing general information, overview of functions...

  • EAR / PILAR is the software that implements and expands Magerit RA/RM Methodology. It is designed to support the risk management process along long periods, providing incremental analysis as the safeguards improve. Its functionalities include mainly:
    • Quantitative and qualitative Risk Analysis and Management
    • Quantitative and qualitative Business Impact Analysis &Continuity of Operations
    The tool is intuitive, provides fast calculations and generates a quantity of textual and graphical.

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

  • Risk identification : Yes. Asset identification, relationships, and value for the organization. Threat identification and estimation.
  • Risk analysis : Yes. Impact and risk. Potential and residual values. Qualitative and quantitative.
  • Risk evaluation : Yes. Results are priorised and presented to the management for business evaluation

Other phases

  • Asset inventory &evaluation : Qualitative and Quantitative.
  • Business Impact Analysis : Cost of service interruption taking the duration of the interruption into account. Data for developing disaster recovery plans.

R.M. Method phases supported

  • Risk assessment : Identification, analysis and assessment.
  • Risk treatment : Policies, procedures and safeguards maturity evolution.
  • Risk acceptance : Residual impact and risk. Accumulated values (on technical assets) and deflected value (on business processes)
  • Risk communication : Textual reports, and graphical reports, export capability in other sections.

Other phases

  • Compliance : Compliance level check with security frameworks (e.g. 17799:2005). Users may extend with other security profiles: national, sector, ...

Other functionality

  • Information sources : linkable link of information sources
  • Disaster recovery : Baseline for a disaster recovery plan
  • Security profiles : User plug-in: local, sector, national,...
  • Threat profiles : User plug-in: tailored to specific environement
  • Additional protection : User plug-in: very specific assets

Information processed

  • Value model : assets, dependencies, and values.
  • Risk map : threats on assets
  • Security policies : baseline to build.
  • Safeguard evaluation : maturity level along time.
  • Secutity procedures : baseline to build.
  • Additional asset protections : for specific assets
  • Risk state : qualitative and quantitative, accumulated and deflected.
  • Security compliance : against standard and user specific profiles.

Date of the first edition, date and number of actual version

Date of first release : 2004
Date and identification of the last version : December 2006 - version 3.3

Useful links
Link for further information

Official web site : http://www.ar-tools.com (download EAR) - http://www.ccn-cert.cni.es (download PILAR)
user group web site : http://www.ccn-cert.cni.es. In private part there is a group of Users for Spanish Administration
Relevant web site : http://www.sgsi.net

List the available languages that the tool supports

Languages available : English, Spanish, Italian, French

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

  • 1500EAR (AGR1 + AGR2 + BCM1 + BCM2)

Sectors with free availability or discounted price : Educational world-wide - Spanish Public Administration

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : Free read-only mode
Identification required : No (web site)
Trial period : unlimited (not trial)

CD or download available : Anonymous trial (very limited)
Identification required : No (web site)
Trial period : renewable

CD or download available : Trial (limited functions)
Identification required : Yes (email request)
Trial period : 30 days

Tool architecture
Specify the technologies used in this tool

  • Technical component : Application
  • Purpose : Risk analysis and management support. Continuity of operations analysis and design.
  • Comment : Stand alone application (Java and XML), client/server version under development.

Page top


Target public
Defines the most appropriate type of communities for this tool

  • Government, agencies
  • Large scale companies
  • SME
  • Commercial CIEs
  • Non commercial CIEs

Specific sector : Information and communications

Information concerning the spread of this tool

General information : World-wide in many different organizations
Used inside EU countries : Spain, France, Italy, Hungary
Used outside EU countries : South America: Argentina, Chile, Peru, Colombia, NATO

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : security plan preparation and monitoring
Operational : standard policies, procedures, and horizontal safeguards
Technical : administrator guidance (may be extended by means of plug-ins)

Compliance to IT Standards
List the national or international standard this tool is compliant with

  • ISO/IEC 13335:2004 supported
  • ISO/IEC 17799:2005 supported
  • ISO/IEC 15408:2005
  • ISO/IEC 27001:2005 supported
  • Other standards are being : extensible, user plug-ins

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • ISO/IEC 27001:2005
  • Other standards are being included : extensible, user plug-ins

Information about possible training courses for this tool

Course : Risk Management
Duration : 20h
Skill : IT management

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : No complex installation needed, stand alone application. Database is an option.
  • To use : Usable interface, help functionality, example case provided. Knowledge of the Magerit methodology needed
  • To maintain : As installation, newer version can be easily installed in parallel with older versions. Backwards compatibility is always guaranteed.

Tool Support
Specify the kind of support the company provides for this product

Magerit : guideline on the method and its usagehttp://www.csi.map.es/csi/pg5m20.htm Html help : Help available both offline and online (on the websites)
User's forum : Online forum under development for the italian version

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • Business Continuity Management : partly supported (ITC)
  • Disaster Recovery Management : helps to elaborate DRPs
  • Regulatory frameworks (e.g. privacy) : yes (as plug-in security profiles)

Intergration in Organization activities

  • N/A

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools

  • Import/Export : XML and CSV formats

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • Standard : ITC

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • Asset classes : Customize (with external tools)
  • List of threats &threat profiles : Customize (with external tools)
  • List of safeguards (general and specific) : Customize (with external tools)
  • Security compliance : Customize (with external tools)
Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies