IruisRisk Documention
Introduction
The Four-Question Framework for Threat Modeling
Question 1: What are we working on - Creating a threat model
Create a diagram from scratch 
Blueprint vs a full threat model
Trust zones and components 
Adding Component details
Spotting Unanswered Questionnaires to Improve Accuracy
Creating Tags
Tooltip update for unsynced components
Replacing trust zones in the diagram  
Replacing components in the diagram 
Copy the Project link to share with others 
Changing Component Visibility by Business Unit
Answer our questionnaire to create a diagram 
Create from a template
Import from a diagramming tool or Infrastructure as Code (IaC)
Keeping DrawIO diagrams format when importing
Custom Mappings for Jira
Importing LeanIX Diagrams
Expanded Azure DevOps Field Mapping
Lucidchart and Visio Diagram Imports
Use our AI Assistant, Jeff 
(BETA) Import from AWS Cloud
Embedded IriusRisk Project Diagrams in external tools
Question 2: What can go wrong - Assessing Threats in IriusRisk
Analyzing the threats
Filter Threats and Countermeasures by Custom Fields
Threat Details
Fields: Threat Details
Impact: Threat Details
Risk Summary: Threat Details
Risk types and their explanations
Test State: Threat Details
Weaknesses with no Countermeasures
Question 3: What are we going to do about it - Countermeasures
See the Countermeasures in the diagram itself
The Threats & Countermeasures tab
Smart Views: AI-powered Views
Multiple Select for Countermeasures
Change the Countermeasures Status
Seeing countermeasures applicable to a Standard
Create Issue Trackers from your Countermeasures
Configuring your Issue Trackers
Question 4: Did we do a good job
Reporting
Compliance Report
Current Risk Summary Report
Technical Countermeasure Report
Technical Threat Report
Export your threat model
Risk Score
Report Deletions
Configurable Options in IriusRisk
Security Content
Risk pattern libraries
Model Questionnaire Builder
Risk Calculation
Security Classifications
Standards
Templates
Objects
Components
Component details and image
Create a custom component 
Component questionnaire builder
Assets
Trust Zones
Deleting Tags in Dataflows and Risk Pattern
Workflows
Custom Fields
Rules
Integrations & Imports
Project Roles and User Access
Set users role in a Business Unit (BU)
Miscellaneous
Archiving Projects
Version History
Automated Component Change Detection in IriusRisk
Copy the Project link to share with others
Audit Log
Export your Project List as XML
Deleting Tags in Dataflows and Risk Pattern
IAM Roles authentication for pulling projects from an AWS Cloud
APIs to use UUID rather than Username
Authentication and SAML configurations via the user interface
Widget displaying risk reduction across projects
Searching for Projects in your Project List
Question 2: What can go wrong - Assessing Threats in IriusRisk

Question 2: What can go wrong - Assessing Threats in IriusRisk

Know your enemy. Be aware of your threats and weaknesses.

2
min
Last updated
December 3, 2025

Contents

Analyzing the threats

Threat details

A video overview of Threats (and Countermeasures) is available here.

As you will know, there are many risks when building applications, this is the ‘what can go wrong’ question. After updating your diagram the IriusRisk Rules Engine and security content proves its value. The tool automatically identifies risk patterns and recommends countermeasures (security controls) to mitigate the threats. It leverages automation to provide the threats associated with your application or architecture, sorts them by component and use case, and gives them a level of priority. 

See the Threats in the diagram itself

You can navigate to the full Threats & Countermeasures tab, as per the instructions below, however you can also see this information directly in the diagram view, without having to leave this area. This can be helpful to get snapshot information side by side quickly. Click on the component and you will see a shortcut menu which includes the threat (and countermeasure) details. These views can be expanded or compared side by side. 

Navigate to the Threats & Countermeasures tab 

If you go to ‘Home’ at the top of the screen, you will be taken to your dashboard for that project. Here you are shown your Threat risk distribution, your Countermeasures states, and your Test results. These charts will dynamically change as you assess and mitigate your threats. Top left also gives your model an overall risk score, and tally of your threats and countermeasures. 

Analyzing the threats
Close Modal