Case Study for Major European Financial Services Provider

The FinServ Company had a Threat Identification Audit which showed several of its threat models needed redoing. This is where they knew that a threat modeling tool was needed to implement the necessary security and data requirements. IriusRisk had been seen before and it was felt that the diagramming area was very technical, which was feedback at the time, as for the FinServ team, having business considerations - not just technical - and a straightforward interface was crucial. 

IriusRisk was the chosen tool due to the much improved clarity and ease of use of its interface - an important consideration for its development team. IriusRisk also demonstrated that it had listened to prior product feedback, and it could integrate with the FinServ Company’s other technology stack and preexisting security investments. 

The outcomes...

A clear interface - that focuses on the business aspects of threat modeling to have straightforward conversations across teams
Developer adoption - having a tool that looked cool and is easy to use with lots of tasks that support the development team
Demonstrating data quality - by threat modeling with IriusRisk, the team is able to provide the necessary evidence and work for its Threat Identification Audit.

“The biggest impact of IriusRIsk is it enables a self service model of threat modeling, with a low threshold for developers. They can actually start it themselves and everybody who needs to be involved can actually consume, refine, evaluate and understand what has been done by the developers, and help them out where needed as well.“

Product Owner of Threat Modelling, and Team Lead at the FinServ Organization