There are three types of tags in IriusRisk: project tags, component tags, and data flow tags. Let's take a closer look at each type of tag and its use cases.
Project Tags
Project tags can be used to categorize and label different projects as a whole. They may be used to indicate the type of application being assessed, the business unit responsible for the project, or the compliance standard or regulation that the project needs to adhere to.
For example, if you're assessing a web application that needs to comply with PCI DSS, you could create a project tag called "PCI DSS" and apply it to all of your projects that are related to PCI DSS compliance.
Component Tags
Component tags are used to categorize and label different components within a project. Components refer to the different parts or elements that make up a system, application, or network. These components can include hardware, software, data, people, processes, and the interactions between them. Component tags can be used to label these different pieces and group them together based on their attributes or characteristics.
For example, if you're building a threat model for a web application, you could create component tags for different parts of the application such as a login page, a search feature, and a payment gateway. You could then apply these tags to the components that belong to each of the different parts of the web application.
Data Flow Tags
Data flow tags are used to categorize and label different data flows within a project. Data flows represent the movement of data between different components and systems within the overall system or application being assessed.
For example, if you're assessing a web application that transmits sensitive customer information to a back-end database, you can use data flow tags to show the type of data being transmitted, which may in turn have an effect on the threats or countermeasures presented.