What are Functional Components?
IriusRisk Functional Components represent and describe key application logic and capabilities, often referred to as application behaviour.
Most development activity happens in the code that runs on a relatively unchanging architecture. You can use functional components to iterate on designs before writing code, or as part of threat modeling user stories.
Identifying plausible cyber threats is a core step in threat modeling, but taking action is what leads to improved security. Development teams need to refine their threat model outputs and determine which countermeasures to act on, which aren’t relevant, and which have already been implemented.
IriusRisk wants to enable development teams to threat model, and delivering these new Functional Components supports that initiative.
Where are the Functional Components Located?
All of these functional components are stored under the Functional - IriusRisk section of the diagram components.
How To Use Functional Components
To use these new components, place the functional components into a Trust Zone. Remember that the Trust Zone is the one diagramming requirement, because everything exists somewhere. In this example we will assume the application will run in the Public Cloud.
Answer the Questionnaires
The key to value with these components is context. We add context by answering the component questionnaires.
- Right-click the component and select Complete questionnaire...
- Navigate to the Additional context tab
- Answer the questions to the best of your knowledge
These questionnaires are designed so that developers can answer them at their leisure without blocking the development process.
As you can see, there is an "unsure" answer that can be selected. You can always come back and update this information in the future as the application evolves. We do, however, encourage you to answer even if the answer is "unsure". This simply means that you will have a countermeasure that may or may not be relevant.
As you complete these questionnaires, the state of the countermeasure is modified. That state could be required, NA, or even implemented. Modifying the countermeasure state in this way drastically reduces the noise and burden on the developer.
We encourage you to reach out to your development teams and share these new features. Building a threat model is definitely a team effort, and we hope that these new functional components will better enable you and your respective teams.