Threat modeling for smarter banking and finance

The biggest business benefits from our engagement with IriusRisk, particularly from a senior leadership perspective, have been the overall security improvements.

The value is twofold: first, the direct improvements to products through threat modeling, but also the knowledge gained by product teams in the process. At first we needed to screen through all threats and implement extensive countermeasures.

By applying their learnings from the IriusRisk Threat Model, they are considering security much earlier in the design process.

IriusRisk has taken threat modeling from an inconsistent, manual process to an easily implemented security practice that we can roll out across our product portfolio.

The continuous improvement of the IriusRisk threat and control database means that we can trust that there are no gaps in our threat models and therefore our software is more resilient and secure.

IriusRisk is a key in our Security by Design strategy. It supports our teams involved in building software, (Architects, Devops & Cyber teams and also Developers), allowing us to verify the project risk level at early stages (Shiftleft), also monitoring the implementation and countermeasures alignment using integrations with JIRA or SAST tools.

Likewise, we can verify the GAP between planned at design stage versus implemented, using the capabilities of importing assets already deployed.

IriusRisk isn’t just our tooling. We see IriusRisk as a co-creator of the successful adoption, rollout, and scaling of threat modeling, both across the organization globally, and beyond the security team to DevOps.

This partnership doesn’t stop there; we look forward to exploring the possibilities of enhanced reporting and integration with the other existing tooling in our value chain.