Regulation and Compliance: Align to Regulatory Compliance or Security Frameworks

IriusRisk
Huesca, Spain | On-site | Competitive | Added 2 days ago


Original Advert


Threat Modeling to aid Regulatory Compliance

Identify and remediate modern cyber threats and align to regulatory compliance or security frameworks. Choose IriusRisk's automated and intuitive threat modeling platform.

Why Threat Modeling, and why now?
Choosing not to threat model is no longer an option.

In May 2021, The White House and President Biden's administration issued an Executive Order (EO 14028) - Improving The Nation's Cybersecurity - stating that a top priority for the administration would be the prevention, detection, response and investigation of all information systems managed and controlled by all Government Agencies.

To implement EO 14028, in February 2022 the National Institute of Science and Technology issued the Secure Software Development Framework guidance (currently at revision SSDF 1.1) and related Software Supply Chain Security Guidance. The NIST SSDF states that you have to "Produce Well-Secured Software" under task PW.1.1, which stipulates that you have to do threat modeling. PW.2.1 states that you have to review the software design for compliance.

Also in May 2022, the Office of Management and Budget (OMB) stated that all Federal Agencies and their relevant software suppliers must demonstrate compliance with SSDF 1.1. Currently OMB is working with all Agencies and Suppliers towards that goal in order to secure their funding.

Other frameworks and standards.

NIST Secure Software Development Framework (SSDF) 1.1
The guidelines state specifically, under Control Ref SA-8, Section PW.1.1, that some form of Risk Modeling (including Threat Modeling) must be done to assess the security risk for software and must comply with a variety of standards, including NIST CSF, IEC 62443, ASVS, NIST 800-53 and many others.


Cybersecurity Act by Singapore's Cybersecurity Agency
Singapore's 2018 Cybersecurity Act indirectly makes it a criminal offence not to perform cybersecurity risk assessments which include threat modelling, on computers and systems that have been designated by the Cybersecurity Agency (CSA) as Critical Information Infrastructure (CII).


FDA Playbook for Threat Modeling Medical Devices
To increase adoption of threat modeling throughout the medical device ecosystem, the United States Food and Drug Administration (FDA) engaged with the Medical Device Innovation Consortium (MDIC), the MITRE Corporation and Adam Shostack & Associates to conduct threat modeling bootcamps. The resulting playbook discusses best practices for applying modern threat modeling techniques.


Mandates and legislation are not isolated to the United States or Europe.
Although the USA is arguably leading the way for others, such as Europe, to follow, other geographies, such as APAC, passed laws on cybersecurity even before the publicised Executive Order in 2021. The Republic of Singapore passed its Cybersecurity Act in March 2018. It indirectly makes it a criminal offence not to perform cybersecurity risk assessments, which include threat modeling.

Security frameworks, standards and mandates aren't just emerging at different levels regionally; they are developed for industry-specific needs too. One example is IEC 81001-5-1:2021, Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle.

How can IriusRisk threat modeling support regulation efforts?

Supports compliance efforts with full audit trails and threat model history

Easy collaboration across teams, geographies and specialisms, to keep key stakeholders informed

Increases security remediation with built-in Security Standards such as FedRAMP, NIST and MITRE ATT&CK

Informed decision-making, prioritizations and faster implementation

With IriusRisk's threat modeling tool, all Federal Agencies and relevant suppliers can take immediate action to align their cybersecurity practices with the principles and guidelines outlined in the NIST Cybersecurity Framework - SSDF 1.1. The IriusRisk threat modeling tool can aid software vendors to comply with multiple requirements detailed within NIST's Secure Software Development Framework (SSDF).

Our comprehensive Security Libraries identify vulnerabilities and provide specific recommendations on countermeasures with many of the standards and requirements as specified in SSDF 1.1 PW tasks.

What are you waiting for? Try now for free.
Get a lifetime subscription. You won't be disappointed. And it only takes 60 seconds.

You'll have access to the Security Content Libraries, a growing list of almost 700 components, and a full list of threats and countermeasures.


Application managed by IriusRisk