Welcome to our Blog
From software security to threat modeling to compliance & risk management frameworks (and everything inbetween). We've got it covered.
Featured Posts
March 15, 2024
Build a Cybersecurity Powerhouse: How to Launch a Successful Security Champion Program
Security Champions are like your cybersecurity sidekicks embedded in every department, making security a shared responsibility. They help you build a cybersecurity-conscious culture from within.
Read MoreLatest Posts
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
August 16, 2022
Evolving Threat Modeling - Taking Longer Strides
For those of us not intimately familiar with the subject; threat modeling is a structured process which allows us to identify security requirements, recognize security threats and potential vulnerabilities. Ultimately allowing us to quantify threats, determine the criticality of vulnerabilities and prioritize remediation methods.
Risk Management
Software security
Threat Modeling
August 4, 2022
Product Update: Release 4.6
We are excited to announce the release of IriusRisk 4.6 which includes these new enhancements and features:
Product Release
August 4, 2022
New Dataflow Library in IriusRisk v4.6
Data flow diagrams (DFDs) are graphical representations of a system architecture and its primary purpose is to model how data flows through a system. DFDs became popular in the 70s when they were used for structured analysis and design, and have maintained their popularity since then because they're easy to understand.
Product Release
Threat Modeling
July 27, 2022
IriusRisk launches infrastructure-as-code to enable automatic threat modeling of cloud-native designs
Cyber security firm evolves platform to the next generation of threat modeling
Infrastructure as Code
June 29, 2022
IriusRisk and Methods partner to deliver automated threat modeling for public sector software
IriusRisk and Methods join forces to enhance the security of public sector services through embedded threat modeling, reducing vulnerabilities in applications and fostering cross-functional collaboration in software development for UK government entities.
Standards, Compliance and Regulations
Software security
Intro to Threat Modeling
June 20, 2022
STRIDE and CAPEC with IriusRisk
IriusRisk is a pattern based threat modeling tool that enables organizations to rapidly accelerate their threat modeling process by helping them to map the two most important actionable outputs of a threat modeling process; the threats, and their appropriate mitigation.
Methodologies & Frameworks
Compliance & Regulation
June 16, 2022
Threat modeling workflow for Terraform defined architectures using IriusRisk
Terraform is an open-source infrastructure as code software tool created by HashiCorp. Terraform enables you to create, maintain and improve infrastructure reliably and predictably on major infrastructure cloud providers (e.g. AWS, GCP, Azure, OpenStack, CloudStack).
Methodologies & Frameworks
Infrastructure as Code
Cloud Security
June 16, 2022
Threat modeling workflow for AWS Cloudformation architectures using IriusRisk
IaC defined architectures can be a powerful way for developers to shift left and achieve cloud security and compliance in a positive, proactive manner, far before the stack is deployed in the production environment. Here is a guide on using IaC from AWS CloudFormation
Cloud Security
Software security
Threat Modeling
Infrastructure as Code
June 9, 2022
Product Update: Release 4.4
We are pleased to announce the release of IriusRisk 4.4 containing improvements to the home dashboard and reporting, as well as: - A new summary section in the Compliance Report that includes visual charts of compliance with relevant standards
- A Duplicate action for roles that allows you to easily create a copy of an existing role with all of the permissions
- Updated PCI-DSS library to include PCI-DSS v4 and PCI-SSS
Product Release