Summary

IriusRisk allows users to create their own security content and security libraries to address relevant security policies. This article explains how to update custom libraries and models in the case where the default libraries are updated. 

The Security Team can create content for custom libraries or create custom libraries from a default library.

In this case, you have created your own library from a default library. This default library should be disabled to allow you to import your own library into your IriusRisk instance. The article focuses on the changes made once the default library has been disabled and corresponding elements updated with the new content or new components.

Update Notifications

You will receive regular updates via email with respect to the new features and modifications implemented into IriusRisk. The email notifications clearly identify any applicable updates, some examples are shown in the following extract: 

Update Notification Extract

Detailed steps:

Using a new component definition from an updated default library with a disabled status

If the disabled library on the customer instance of IriusRisk has new component definitions added they will be shown on the component palette of your architecture diagram and ready to be used. no risk patterns will be associated with it, this is due to the disabled status of the library.
Customers should review the release notes for applicable updates, they may need a more detailed explanation about “what’s new”, to find out what new components have been defined in the affected libraries and manage any modified relations.

Your current models will not be affected since these components are “new components”, they will not be in use.

CS-Default Library Example

Consider that you have created a custom library from the CS-Default library version 3.5 of IriusRisk following the process described in this tutorial.

Once a new release is issued and includes applicable new content. As mentioned before regarding the email communication with the release notes for the 3.6 version. 

Follow the instructions to update your instance. In order to have your content up-to-date, Revert to the release notes and identify which new components need to be taken into consideration.

Regarding the IriusRisk instance, these new component definitions will be shown as disabled, as well their associated Risk Patterns, this is due to the master library being disabled.

As shown, this new component definition is linked to a new set of Risk Patterns, so these new Risk Patterns are not in your custom library.

So, it is time to put yourselves hands-on:

Once both component definition and library have been identified you have to export the specific library. Even though you have disabled CS-Default to import your custom library you can still export it, so do it!

Click on “Templates and Library” (book icon) in the sidebar on the left:

Exporting the Library

The following tasks must be conducted: 

1. Once both component definition and library have been identified you have to export the specific library. Library export is still available regardless of the CS-Default library disabled status.
   
   
2. Click on “Templates and Libraries” (book icon) located on the left sidebar:
   
   
   
   
3. Then select the disabled (and now already updated) library from which we want to take the new component definitions and anything related to them. In this case, we select “CS-Default”.
   
   
4. Click on the three dots in the “Action” column  and select “Export”:
   
   
   
   A pop-up window is shown giving detailed information about the components duplication process. Click on the “Export” button:
   
   
   
   
5. The file will be processed and you will be prompted to select the destination folder and name of the library file being exported.

Note: The same process should be executed with your custom library in order to update it with the new content.

Add New Component Definitions: 

Once both files have been created and saved, and in order to add these new component definitions to your custom library, follow the next steps:

1. Open the XML file of the disabled default library and find the related component definitions and applicable content identified as Risk Patterns.
   
   
2. Edit the XML corresponding to the disabled library, locate and copy the new component definitions.
   
   
   
   
3. Then paste them in the specific section of the XML file on the custom library.
   
   
   
   
4. Remember to verify that the associated risk patterns already exist in your custom library, otherwise, you will have to copy them from the updated library over to your custom library.
   
   
   
   Note: You can find them defined as “component” nodes in the XML file.
   
   
   
   
5. Increase the revision number of your custom library. You will find the revision in the first lines of the XML:
   
   
   
   
6. Save and go back to the IriusRisk app.
   
   
7. On the row of your custom library, select the “Update Library” action. This will update your instance with the new security content:
   
                            
   
   
8. Now you can either drag&drop the XML file of the new version of your library or search and find it across the directory tree to update your custom library:
   
                            
   
   
9. Now you have your custom library updated successfully.

Update a component definition from a previously disabled updated default library

If the update of the components is related to a new risk pattern associated with the component it will not be associated in the application as mentioned before this is due to the disabled library status.

Component Definition Update Example

Here you can find an example of a component definition replicated from the disabled library. 

The area surrounded in red shows the new Risk Pattern associated with the component definition on the update of the disabled library.

1. This new Risk Pattern is shown as disabled. So, to update your custom library with this new content you should repeat the steps as per the previous example,
   The extract below shows the new Risk Pattern from this example from the image above.
   
   
   
   
2. Now, as in the previous example, you need to search for the new Risk Pattern in the XML file of the disabled library and copy it to your custom library
   
   
   
   
3. Also, it should be associated with the proper component definition in your custom library.
   
   
   
   
4. Increase the revision number of your custom library. You will find the revision with in the first few lines of the XML:
   
   
   
   
5. Save and go back to the IriusRisk app.
   
   
6. Select your custom library and select the “Update Library” action. This will update your instance with the new security content:
   
                            
   
   
7. Now you can either drag&drop the XML file of the new version of your library or search and find it across the directory tree to update your custom library:
   
                            
   
   
   
8.  The custom library should now be updated.

The same procedure can be followed for other updates such as changing names, ref, ID, etc. These can also be integrated into the updated component definition as a new.

Thus, the procedure of including the changes will have to be, by now, the same as explained before.