Public and private organisations have an increasing dependency on information technologies to fulfil their mission and reach their business objectives. The purpose of Magerit is directly related to the generalised use of IT systems, communications, and electronic media, which bring evident benefits for the users but which is also subject to certain risks that must be kept under control by means of security countermeasures that generate confidence in the use of these media.
Magerit is of interest to anyone working with mechanised information and the computer systems that handle it. If this information, or the services that are provided thanks to it, are of value, this methodology will allow owners and administrators to know how much of this value is at risk and will help them to protect it.
Knowing the risks to which working elements are subject is simply essential to be able to manage them. This fact has given rise to a large number of informal guides, methodical approaches and support tools, all of which aim at an objective analysis to know how safe (or unsafe) systems are. The great challenge of all these approaches is the complexity of the problem they face, a complexity in the sense that there are many elements to be considered and that, if they are not rigorous, the conclusions will be unreliable. This is why a methodical approach is required that leaves no room for improvisation and does not depend on the whim of the analyst.
Even though serious responsibilities for complying with the organisation's objectives have been placed in the hands of information systems, doubts about their security continue to arise. Those affected, often not technicians, wonder if they can place their trust on these systems. Each failure lowers the trust on information systems, especially when the investments made in defending the means of work do not rule out failures. The ideal situation is that systems do not fail. But the reality is that most of us are used to living with systems that fail. The matter is not as much the absence of incidents, but the confidence that they are under control; it is known what failures may occur and what to do when they do occur. Fear of the unknown is the main source of lack of confidence and, as a result, knowledge brings confidence: knowing the risks allows them to be faced and controlled.
Download:
Book I: The Method
Book II: Catalogue of Elements
Book III: Techniques