There are 2 different MONARC installations possible:
- MONARC and the back Office (also known as Instance Management).
The table below summarises the functionality of both versions:
|Features||MONARC||MONARC Back Office|
|Creation, edition, management of risk analysis||✔|
|Import and export of risk analysis||✔|
|Fine management of permissions per projects||✔|
|Management of users per projects||✔|
|Database of risk models||✔||✔|
|Management of risk models||✔||✔ **|
|Creation and removal of MONARC instances||✔|
** Accross multiple MONARC FrontOffice
The MONARC Instance Management is appropriate for big organizations or state organizations. More derails about the architecture here.
Since MONARC is an open-source project, you can also have a look at our roadmap.
The risk assessment is done in a MONARC instance, not the Instance Management. Each instance has, after all, its own user management - inaccessible by the MONARC Instance Management - to control access by user and risk analysis.
User management is done by the administrators of each instance (there can be multiple administrators per instance). So if a user creates a risk analysis to perform a risk assessment, she or he have read/write permissions for that analysis only. No user sees or can access the risk analysis from any other users by default. It is the work of the instance administrator to grant access. The choices are as follows:
- No access
- Read only
These are kept very simple and is by design. If it is desired to create different departments with each of them only being allowed to write to their respective objects but read only on the others, we suggest to create different risk analysis’ with the desired permissions. It is easy to combine the risk analysis later through “export/import” into a new analysis for a combined report.
Import and export
It is possible to import and export all the risk model information and thus share between instance. Or simply import the risk model from one instance in the MONARC Instance Management if multiple instances could benefit from that model, effectively removing the need to import and update that model on each instance.
MONARC Instance Management - Back Office
As an operator or service provider having multiple clients that desire to use MONARC for their risk assessment, this would be the optimal solution. It provides a centralised management of all the instances. This means that you as service provider have a dashboard-like view of how many clients you have. You can add and remove MONARC Instances (Front Offices) and import Risk Models that are automatically accessible to all your instances.
As a bank, you might have different departments in different countries and thus the risk assessment varies - yet the model stays the same. Thus this would be a much easier way to share objects between departments with a centralised import - no need to import the model in each instance!
It is to be noted, that you do not have access to the different instances and that the user management for each instance is done on the instance itself. This is a conscious choice to allow an administrator to create instances but not give access at the same time. This gives the admin for each MONARC instance the power to really manage the access of their instance.
It is to be noted that the MONARC instance management is only interesting, if the implementation should result in some sort of cloud and you are the service provider. If you only wish to conduct risk assessment and your are a single small to medium sized company, we suggest you have an installation of a single MONARC instance without the Instance Management. This will take less maintenance.
MONARC Stats Service
MONARC Stats Service is a libre software which is providing:
- an API in order to collect statistics from one or several MONARC instances and to return these statistics with different filters and aggregation methods;
- a dashboard that summarizes the current cybersecurity landscape. The charts are based on the statistics collected.
This software can be deployed just next to a MONARC instance or on a dedicated server.
The documentation can be viewed online here.