TRICK Service is a full-featured risk management tool, assisting you in assessing risk, planning actions, and running your information security management system (ISMS). It accompanies you throughout the whole risk management process; starting with the definition of the risk context, covering risk estimation and treatment, and communicating the results. TRICK Service prepares you to be certified for ISO 27001, to comply with the requirements of the GDPR, or to respond to CSSF circular 12/544. It covers a wide variety of features such as quantitative/qualitative analysis of risk scenarios, estimation of Return on Security Investment (ROSI), embedding of custom or pre-defined catalogues for rated security controls (27002, GDPR, 22301, IoT, …), multi-user support and access control, import/export, and versioning.

A unified Cryptography Certification and Verification tool (CryptoCeVerif) with a dedicated set of cryptography-oriented tools, based on open standards and architectures. CryptoCeVerif is aimed at enhancing and automating various crucial aspects of security SDLC such as requirements engineering and cryptographic software verification and validation comprising verifiable and reproducible builds, with support for dynamic asset and SW artefact linking in heterogenous environments, e.g., source code to test case and requirements linking with built-in relation evaluators (e.g., loop detection, coverage calculators).

Developed in the context of the SATRAP-DL subproject of CyFORT, SATRAP (Semi-Automated Threat Reconnaissance and Analysis Platform) is an open-source, cross-platform software for computer-aided analysis of Cyber Threat Intelligence (CTI) through automated reasoning.

IDPS-ESCAPE, short for "Intrusion Detection and Prevention Systems for Evading Supply Chain Attacks and Post-compromise Effects", is a sub-project of the CyFORT project, "which in turn stands for Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience". CyFORT is carried out in the context of the IPCEI-CIS project.

C5-DEC, short for "Common Criteria for Cybersecurity, Cryptography, Clouds – Design, Evaluation and Certification", is a sub-project of the CyFORT project, which in turn stands for "Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience".

C5-DEC CAD, the software component of C5-DEC, is a suite of tools for computer-aided design and development (CAD), mainly dealing with: the creation and evaluation of secure IT systems according to the Common Criteria standards, secure software development life cycle (SSDLC), and what we refer to as cyber-physical system security assessment (CPSSA).

This repository contains the source code and full documentation (requirements, technical specifications, user manual, test case specifications and test reports) of C5-DEC CAD, exemplifying the C5-DEC method, which relies on storing, interlinking and processing all software development life cycle (SDLC) artifacts in a unified manner.

Trick2MonarcApi is an open source Java API for MONARC (Optimised Risk Analysis Method), which allows risk information from other sophisticated risk management tools such as TRICK Service (Tool for Risk management of an ISMS based on a Central Knowledge base) to be imported by facilitating changes to the MONARC JSON data file. The tool has been developed to migrate risk information from several organisations within the scope of NIS into the data format required by the NIS regulator in Luxembourg.

This project conforms to MONARC version 2.12.7. This API reads a JSON data file exported from MONARC and gathers information by interpreting a subset of such a file and creating Java objects from the elements it can interpret from the exported JSON data file.
Furthermore, after the Java objects have been processed by this API, it can export a JSON file compliant with MONARC version 2.12.7.

The tool has been released as open source as part of the CyFORT project initiative, making its main features available for use and inviting further contributions.

DRAW (Dependencies for a Risk Analysis on a WhiteBoard) is an open source tool by itrust consulting and is used to represent assets and their corresponding dependencies in a graphical manner. The assets are represented as nodes in the graph and the dependency is represented as an edge from one asset to another. The asset carries information of the name of the asset and its type example the asset may be a Financial, Business process etc. The edge carries the dependency information and also the probability information. Probability implies the chances that an asset impacts the other asset.

Website   Project GIT

To streamline standardized documentation, facilitate document editing, and support consultants in audit tasks, the Quality Management department of itrust consulting  introduced "ARIANA" (Assistance for Reporting on Information system Audits with Normative Assessment). This powerful tool is crafted on integrated Word and Excel VBA programs, ensuring a seamless experience. ARIANA enhances efficiency by enabling easy navigation, maintaining standardized formatting, and providing reliable document editing capabilities.

OpenARIANA helps to write security policies and procedures. By structuring information that generally comes from ISO standards, combining it and customizing it according to a company’s needs, it generates policies in the format desired by the customer, and templates to document observations and decisions of an auditor.

OpenTRICK is a general-purpose risk management tool conceived, developed and maintained by itrust consulting. It offers a wide range of features such as multi-user support, quantitative and qualitative analysis of risk scenarios, maturity assessment, access controls, import/export in Word or Excel, synchronisation with ticketing systems such as Redmine, JIRA, KIX… versioning of risk analysis, definition of risk profiles, embedding of own security control catalogues (such as DORA, GDPR, ENISA Security Objectif promoted by ILR for self-assessment, or international standards such as 22301, 27001, 27001, 27701, IEC62443, and PCI-DSS, using these catalogue for Risk treatment based on parametrization and estimation of ROSI and all these features support efficient risk management.

It comes with a methodology (e.g. risk criteria definition) and a risk process compliant to 27001, 27005 and taking into account regulator-specific requirements such as those defined by CSSF and ILR.

Covering the needs of historic customers including critical infrastructure, OpenTRICK is compatible to the SERIMA risk assessment module and can export the information in the json format based on a csv file mapping of the asset and risk name used by the customer to the corresponding names defined by the regulator.

As an integral part of OpenTRICK, TRICK Cockpit is the real-time risk monitoring instrument, designed to monitor the cyber security aspects of intelligent smart metering, and on other critical infrastructure, e.g. water distribution networks. It combines security risk analyses with real-time measurable elements on the operational infrastructure, and it provides a central security management and supervision system.

Typical measurement elements are alerts generated by firewall systems, incoming file scanning results, integrity of equipment configuration files, comparison of versions of installed programs with the list of latest versions considered secure, traffic analysis on certain networks. To this end, the infrastructure will be modelled as components and security measures (described according to recognized standards such as ISO/IEC 27002, and inspired by ISO/IEC 27004, indicators to evaluate the proper functioning of safety measures...).

The risk evolution module can used by an organization to compare risk parameters over the years, used by a regulator to compare different regulated entities, or a group to display the result of different subsidiaries.

As OpenTRICK is open source, it can be easily installed and maintained by the customer and all customers data transferred from the itrust hosted platform app.trickservice.com to the customer platform. This step is recommended as soon as parameters should be updated based on inputs from internal monitoring systems such as WaZuh, IDPS-ESCAPE, SATRAP-DL…

At the end of a project, the data encoded in TRICK Service, could be exported in sqlite, Word, Excel, or json, to avoid a dependency on the TRICK Service platform or even the OpenTRICK tool.

Malwasm, a reverse engineering tool, developed under the itrust initiated project Malware.lu.

The purpose of malwasm is to help reverse engineers analyse malicious software. The tool combines both static and dynamic analysis. Malwasm executes a malware via sandbox (virtual machine), logs the entire activity (opcode, registry value, etc.), and then uses a web browser to display the information.

TRICK Free to use is the freeware version of TRICK Service, which is a risk management tool that helps you estimate your risk, plan an action plan, and set up an information security management system (ISMS).

eTuP is a utility that permits point-to-point encryption in networks. It consists of two agents (one in the source (local) network, one at the destination (remote) device) that forward all Ethernet traffic from one place to another, over a tunneling protocol. The tunnel can be encrypted on-demand, thus securing all connections between the remote device and the network.

A vulnerability assessment tool for personal computers and servers running the Windows operating system. After installation of a light software client on machines spread over the monitored network, Software Checker informs the user of the installed software, key elements of the configuration, potential vulnerability of the software according to vulnerability databases such as OSVDB and the latest version of trusted software. Using standardised protocols, it could be integrated into a global detection system assessing the level of risk and detecting installed malware.

The current version of Software checker verifies whether the Windows operating system contains software with security vulnerabilities and informs the user of new software updates. Future developments will manage this information centrally, collecting information from other operating systems and using it for predicting potential attacks and planning upgrades.

A multi-antivirus scanner solution to perform malware infection analysis of suspicious files. It increases the probability to detect a malware by the use of multiple antivirus solutions.

A Linux toolbox for Information System vulnerability testing. This distribution integrates open source applications with a home-made environment (script, configuration, shell code …). The purpose of this distribution is to have an image of a fully operational system when we have to realise a penetration test.