Maintaining accurate and up-to-date threat models is crucial for effective risk assessment and mitigation. As threats evolve and countermeasures are implemented, you want to ensure that you can easily identify and prioritize the most critical risks.
To address this challenge, you have the option to remove weaknesses without countermeasures at both the project and global levels. This feature works in conjunction with the rules engine, which automatically identifies and removes threats and countermeasures that are no longer applicable. By removing empty weaknesses alongside outdated threats and countermeasures, our automated feature ensures that your threat models remain clean, focused, and actionable.
You can configure this feature globally, applying the automatic removal of weaknesses without countermeasures across all your projects. To do this,
- Navigate to your global settings from the home page, via the 'gear' icon and 'settings'
- Enable the option 'Automatically remove weaknesses without countermeasures identified' and enjoy a consistent experience throughout your IriusRisk environment.
For more granular control, you also have the option to set at project-level, allowing you to customize the behavior based on your specific project requirements. To do this:
- Open the project you wish to enable the setting for
- From the 'Home' tab within the project, select the 'gear' icon and 'settings'
- In the 'General' tab, you have the option to enable 'Automatically remove weaknesses without countermeasures identified'
With this, you can simplify your threat modeling process, ensuring that your threat models remain accurate and focused. By automatically removing weaknesses without countermeasures, you can spend more time analyzing and addressing the most critical aspects of your security posture.