This documentation applies only to IriusRisk v1.x.y
Publishing a Template
Any product with its associated components, use cases, threats, weaknesses and countermeasures can be published as a template. The product can be published from the Action menu on the product listed in the products table.
Publishing a product as a template has the effect of removing it from product list and adding it to the list of templates, which is accessible from the Administration menu.
Using a Template
Templates are be available to all users of the system, including users that belong to other business units. They are displayed on the "Templates" tab of the main questionnaire:
Components included in the template are added to the generated threat model.
Editing a Template
To edit a template, you have to have permissions to edit it, that basically means that you are the owner of the template.
You can then edit a specific template by going to the Templates & Libraries menu option. When you select the template you want to edit, the tabs Architecture, Threats and Countermeasures are enabled.
From that point you can edit the template as if it was a Product.
The changes you make to a Template will be visible on next's Product creation from a Template but the old created products from this Template will not be affected.
Importing or exporting a Template
To import or export a template you have to go to the Templates and Libraries menu option and look for the import
or export options.
We use a simple XML format to represent to Template within the system. This format is easily parseable with common libraries and tools.
Creating Components within Templates
From within the "Threats" tab of the Template simply select “Add Component” from the Action drop-down menu.
This brings up the "Component Details" popup from which we can select standard components in the normal way, alternatively, we can add a new type of component and do so within the "Component Details" tab:
This adds our new component to the Template and we can now see it within the architectural diagram:
From within the "Threats" tab we now have the opportunity to create a new use case for our new component from the "Actions" drop-down as we see below:
And once the new Use-case is in place we can now add new threats or add threats from an existing library.