Product Product The Threat Modeling Tool The industry trusted automated threat modeling tool AI Threat Modeling with Jeff Our powerful AI Assistant which aids you throughout your diagram creation and saves time Bex AI - Conversational Security in Jira Automatically assess and improve the security of your software directly in Jira Services Tailored services to help you elevate your threat modeling and IriusRisk tool Key Features Integrations Fit into your SDLC and existing technology investments Content Library Check how we can help ensure you meet regulatory, industry and operational best practices Get Started Book a demo Pricing Free Community Version Solutions Solutions by painpoint Building Software Securely At every stage of your SDLC Regulation and Compliance Align to regulatory compliance or security frameworks AI & Machine Learning The first ever to threat model AI and ML applications ROI - Forrester Report Forrester Total Economic Impact of IriusRisk Threat Modeling Solutions by need Industry Financial Services Medical Devices Operational Tech Public Services Technology Solutions by role Security Teams Become the hero of the SDLC by increasing development speed while reducing risk. Developers Unleash the power of threat modeling when developers need it and where they want it. CISOs Show the value of your security posture while saving time, money and reducing risk. Resources Blog All the latest news and useful content from the threat modeling world Webinars Live or on-demand, find out what we can teach you Threat Modeling Training Get certified in automated threat modeling, for free Guides & ebooks Who doesn't like free advice and hacks Events Find out where you can meet us, across the globe Documentation All the info and help you need to use our product Methodologies The key ways and methods to threat model Video Grab your popcorn and watch some of our threat modeling content Case studies ‍ Financial Institution Based in America A large financial institution in a regulated market needed an on-premise threat modeling solution. Raiffeisen Bank International Providing an end-to-end solution for threat modeling across the company's network. See all case studies About About IriusRisk Origins Not your average company history! Leadership Team Meet our team helping to bring our vision to life Technical Advisory Board The threat modeling pioneers who help shape what we do Careers Like what you see? Come and work with us Trust, Legal & Security Hub Your trust is our priority. Read how we protect your data, ensure security, and meet compliance Contact We're a friendly bunch, so get in touch Partners Partners Find out more What does partnership look like with IriusRisk Become a partner Team up with and take threat modeling to the world Threat Modeling training with Toreon Effectively scale your threat modeling program Shostack + Associates Training and Accelerator Designed by Adam Shostack: Threat Modeling Training and The Accelerator Program Free Community Version Book a Demo Book a demoTry now 5 proven Threat Modeling methodologies (and when to use each one) Learn how threat modeling and associated methodologies can improve the evaluation of cybersecurity threats, and provide actionable countermeasures. Show me the methodologies How to choose the right threat modeling methodology for your organization Organizations are increasingly aware of the pressing need to bring threat modeling into their cyber security operations. In doing so, businesses can identify, understand and manage the threats they face, protecting them from the evolving threat landscape. However, while organizations are conscious of the need to threat model, it can be daunting to know where to begin. This is in part due to the range of threat modeling methodologies that companies can make use of, as each is a unique approach and provides varied benefits. Among these, the most common are STRIDE, OCTAVE, TRIKE PASTA and MAESTRO. We will unpack these methodologies and how to assess which is right for your organization. STRIDE: useful for analyzing systems and networks if adopters have a strong understanding of their threats. OCTAVE: takes an operational approach as opposed to technological. Great for risk-focused teams. TRIKE: open source approach based upon defense outlooks and techniques. PASTA: a scalable option for collaboration across technical and compliance teams, to consider the probability of attacks. Threat Modeling methodologies... Explained STRIDE OCTAVE® TRIKE PASTA MAESTRO STRIDE STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is a popular methodology, originally developed by Microsoft. STRIDE is designed to focus on the identification of specific types of threats and vulnerabilities. The advantage of STRIDE is that it allows organizations to analyze systems and networks, classifying threats in a prioritized list, based on the likelihood of them occurring and the scale of their potential impact.