
Objects

Last updated September 24, 2024


Objects include assets, components and trust zones, available as three separate drop-downs. We also explore the use of Tags at the end of this section.

Components 

If you navigate here, you will see a very long list of existing component groups for various uses and technologies. Components are grouped under headings such as ‘Alibaba Cloud’, which you can expand to see each component associated with Alibaba:

If you click on any of the components, a tab opens with further details. From here you can toggle a component to ‘not visible’, for example if it is not relevant to your architecture or is out of scope and you want to remove the option to use it. You can also change the component image from here, as in the example below.

To create your own component, select the ‘New component’ button. Again, you can choose an image if you wish, enter the name, and associate it with a component group such as AWS. Type in your description; at this point you can also add the source of threats by choosing from the drop-down, and do the same for the Risk patterns. Don’t forget to press ‘Create’.

Assets

This section holds your assets relating to data, such as customer information, credit card data and so on. You can add your own in the same way as components, by selecting ‘New’ and completing a couple of fields, including selecting a Security Classification from the drop-down.

You will then see the new Asset listed alongside the others with its own CIA score:

Trust Zones

Some predefined trust zones are available here, such as Internet and Public cloud. Each has a risk rating based on how ‘trusted’ the zone is. For example, a private secured zone will have a very high trust rating, whereas the internet will be very low.

Creating a new trust zone is very straightforward. Select the ‘New’ button, and enter the name, reference, description and % of trust you want to apply to the new trust zone. 

Configure Trust Zone Visibility

You can also configure the visibility of Trust Zones at a Business Unit level. This allows individual Trust Zones to be restricted to the Business Units of users who need to see them, ensuring that sensitive items remain secure and improving user experience by allowing for more focussed user selection. By default, all trust zones will be visible.

Go to ‘Objects’ at the top of the screen to find this menu (you will need to exit your threat model/project first). Under ‘Objects’, select ‘Trust Zones’. Next, select the Trust Zone you wish to edit, and a modal will appear like the one below. Toggle the blue ‘Yes’ button to ‘No’.

Once this has been toggled to ‘No’, you can select the Business Units of your choice from the drop-down, like so:

 

Deleting Tags in Dataflows and Risk Pattern

You may be using multiple tags across your projects and want to remove them. Deleting tags in dataflows and risk patterns is now possible via the API. Please note that deleting a tag will remove all instances of that tag across all projects. The ability to delete these tags in the UI will be introduced in release 4.33 (end of October 2024).
