Introduction
IriusRisk allows the user to delete threats from a threat model. Manually created threats are fully under the user's control; such a threat carries a 'Manually created' label when it is selected.
There are, however, some limitations when a threat has been imported from a library, whether a default or a custom one.
This article explains the rules engine logic behind this scenario, so that the limitations and any unexpected behavior make sense.
The use case
Our rules engine continuously checks for certain conditions and fires certain actions when those conditions are met.
One of these checks is for use case content.
Whenever the rules engine finds an empty use case, it imports that entire use case back into the project, pulling the data from the library the content originated from.
Working example
To show this behavior in action, take a use case with two threats under it.
Delete both threats so that the use case is empty, and note what happens next.
On the next threat model update (or when navigating away from the threats screen), both threats are re-imported into the threat model, because the use case content check has failed.
This is why deleted library threats are added back.
Suggested workflow to nullify threats from a library
If we have imported threats that we wish to nullify, we should not delete them but instead use one of the following:
- Accept Risk - used when we acknowledge the risk but do not plan to mitigate the threat.
- Not Applicable - used when we consider the threat not applicable to our threat model.
In both cases the threat remains in its use case, so the use case never becomes empty and the re-import check does not fire.
Exceptional behaviors
As noted above, the re-import check fires only when a use case is empty, that is, when every threat under that use case has been removed. As long as some content remains in the use case, the missing threats are not added back: deleting one of two library threats leaves that one deleted.
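The following Python is an added model of the rule described in this article; it is not IriusRisk code and does not use the IriusRisk API. It assumes a hypothetical library with one use case (UC-LOGIN) holding two threats, treats any remaining threat (manual or library, whatever its state) as "content", and walks through the three cases above: deleting every threat (re-import), deleting only one (no re-import), and nullifying with Accept Risk / Not Applicable (no re-import). It also includes a pre-deletion check that flags when a deletion would empty a use case.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Iterable, List


class ThreatState(Enum):
    """States relevant to the use case content check (model only, not IriusRisk's own)."""
    EXPOSED = "exposed"          # open, unmitigated threat
    RISK_ACCEPTED = "accepted"   # "Accept Risk" applied
    NOT_APPLICABLE = "n/a"       # "Not Applicable" applied


@dataclass
class Threat:
    ref: str
    source: str                  # "library" or "manual"
    state: ThreatState = ThreatState.EXPOSED


@dataclass
class UseCase:
    ref: str
    threats: Dict[str, Threat] = field(default_factory=dict)


# Constructed library content with hypothetical refs.
LIBRARY: Dict[str, List[str]] = {
    "UC-LOGIN": ["T-CRED-STUFFING", "T-SESSION-FIXATION"],
}


def new_project() -> Dict[str, UseCase]:
    """Project as it looks right after importing UC-LOGIN from the library."""
    uc = UseCase("UC-LOGIN", {r: Threat(r, "library") for r in LIBRARY["UC-LOGIN"]})
    return {"UC-LOGIN": uc}


def would_trigger_reimport(uc: UseCase, refs_to_delete: Iterable[str]) -> bool:
    """Pre-deletion check: True if removing these refs would leave the use case empty."""
    remaining = set(uc.threats) - set(refs_to_delete)
    return not remaining


def delete_threat(uc: UseCase, ref: str) -> None:
    uc.threats.pop(ref, None)


def set_state(uc: UseCase, ref: str, state: ThreatState) -> None:
    uc.threats[ref].state = state


def run_rules_engine(project: Dict[str, UseCase], library=LIBRARY) -> List[str]:
    """Model of the use case content check: an empty use case is imported back
    in full from the library it came from. Returns the refs that were re-imported."""
    reimported: List[str] = []
    for uc_ref, uc in project.items():
        if uc.threats:  # any content at all blocks the re-import
            continue
        for t_ref in library.get(uc_ref, []):
            uc.threats[t_ref] = Threat(t_ref, "library")
            reimported.append(t_ref)
    return reimported


def scenario_delete_all() -> List[str]:
    """Delete both threats: the use case is empty, so both are re-imported."""
    p = new_project()
    for ref in ("T-CRED-STUFFING", "T-SESSION-FIXATION"):
        delete_threat(p["UC-LOGIN"], ref)
    return run_rules_engine(p)


def scenario_delete_one() -> List[str]:
    """Delete one threat: content remains, so nothing is re-imported."""
    p = new_project()
    delete_threat(p["UC-LOGIN"], "T-CRED-STUFFING")
    return run_rules_engine(p)


def scenario_nullify() -> Dict[str, ThreatState]:
    """Accept Risk / Not Applicable keep the threats present; the check never fires."""
    p = new_project()
    set_state(p["UC-LOGIN"], "T-CRED-STUFFING", ThreatState.RISK_ACCEPTED)
    set_state(p["UC-LOGIN"], "T-SESSION-FIXATION", ThreatState.NOT_APPLICABLE)
    run_rules_engine(p)
    return {r: t.state for r, t in p["UC-LOGIN"].threats.items()}


if __name__ == "__main__":
    print("delete all ->", scenario_delete_all())
    print("delete one ->", scenario_delete_one())
    print("nullify    ->", scenario_nullify())
    print("would empty UC?", would_trigger_reimport(new_project()["UC-LOGIN"], LIBRARY["UC-LOGIN"]))
```

The model only encodes what this article states: the trigger is an empty use case and nothing else, and any threat left in the use case, including one in the Accept Risk or Not Applicable state, counts as content. `would_trigger_reimport` is the kind of guard a reviewer can apply before bulk-deleting library threats to avoid the surprise described above.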