Welcome to our Blog
From software security to threat modeling to compliance & risk management frameworks (and everything inbetween). We've got it covered.
Featured Posts
Build a Cybersecurity Powerhouse: How to Launch a Successful Security Champion Program
Security Champions are like your cybersecurity sidekicks embedded in every department, making security a shared responsibility. They help you build a cybersecurity-conscious culture from within.
Read MoreLatest Posts
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
June 16, 2022
Threat modeling workflow for Terraform defined architectures using IriusRisk
Terraform is an open-source infrastructure as code software tool created by HashiCorp. Terraform enables you to create, maintain and improve infrastructure reliably and predictably on major infrastructure cloud providers (e.g. AWS, GCP, Azure, OpenStack, CloudStack).
Methodologies & Frameworks
Infrastructure as Code
Cloud Security
June 16, 2022
Threat modeling workflow for AWS Cloudformation architectures using IriusRisk
IaC defined architectures can be a powerful way for developers to shift left and achieve cloud security and compliance in a positive, proactive manner, far before the stack is deployed in the production environment. Here is a guide on using IaC from AWS CloudFormation
Cloud Security
Software security
Threat Modeling
Infrastructure as Code
June 9, 2022
Product Update: Release 4.4
We are pleased to announce the release of IriusRisk 4.4 containing improvements to the home dashboard and reporting, as well as: - A new summary section in the Compliance Report that includes visual charts of compliance with relevant standards
- A Duplicate action for roles that allows you to easily create a copy of an existing role with all of the permissions
- Updated PCI-DSS library to include PCI-DSS v4 and PCI-SSS
Product Release
May 27, 2022
IriusRisk becomes a Technical Member of ISA Security Compliance Institute (ISCI)
The ISA Security Compliance Institute (ISCI) functions as an operational group within ISA’s Automation Standards Compliance Institute.
News
May 6, 2022
IriusRisk Threat Modeling Club Live! What is the Open Threat Model?
Learn about the importance of an open approach to threat modeling in software development.
Infrastructure as Code
May 5, 2022
IEC/ANSI 62443 Example 4 - OT Communications Protocols
This strategy is commonly called “defense in depth”. The standard IEC 62443 addresses all parts of the strategy in- volving all involved actors. The first defense layers result from the practice of OSM by the asset owner and are addressed in IEC 62443-2-1 [6].
Standards, Compliance and Regulations
Threat Modeling
April 27, 2022
IriusRisk appoints Elise Hayes as Strategic Alliance Director for North America
Hayes joins fast-growth startup after partner base quadruples in 2021.
News
April 22, 2022
Product Update: Release 4.3
We are proud to announce the release of IriusRisk 4.3 containing a brand new way to navigate projects, as well as: A new Terraform API endpoint
Concurrent editing of diagrams
New filtering and bulk action for countermeasures
Faster Rules Engine performance
Compliance Report improvements
Plus more…
Product Release
April 6, 2022
IriusRisk Community Edition Hits Four Thousand Users
IriusRisk updates popular free Community edition to add more functionality for an ever growing user base
Community Edition