What is a "Component"?
A component is the top-level item in a product's threat model and could conceptually refer to anything that can contain use-cases, threats, and countermeasures. In the default data-set provided with IriusRisk, components typically refer to application components such as data stores, web applications, services, and clients, as well as to environments such as a PCI Cardholder Data Environment. There are no built-in restrictions on the definition or content of a Component; it could even refer to a process instead of an architectural component.
Creating a new Component
Creating a new component type requires adding a new Component Definition, adding the corresponding risk pattern to that component definition, and creating the rules that generate the questionnaire for the new component type.
To create a new Component definition, see the section Component Definition Creation.
To create new rules for this component definition, see the section Customizing the Questionnaires.