European Regional Development Funding (FEDER)
A way of making Europe

Project Description

IRIUSCOMMED is a project that is a collaboration between IriusRisk, TMC, and the European Union. The basis of the project is to create a threat modeling community across all EU member states. To encourage the adoption of process and tools in a collaborative manner, sharing knowledge and experience. TMC was set up in 2022 together with IriusRisk and have always shared the values that the EU brings and look forward to work with them to advance the knowledge and adoption of threat modeling across all member states.

This project has been instrumental in delivering ThreatModCon Europe, as well as all the wonderful local chapters we have put together over the recent months. We are delighted to keep promoting and advancing secure-by-design in conjunction with our close partners.

Objectives

  • Increase the effectiveness of threat modeling tools.
  • Analyze and improve the entire value chain of threat modeling in EU member states
  • To raise awareness of what threat modeling is, its real impact and its benefits for companies, organizations, SMEs and infrastructures
  • Evaluate the perception, acceptance and preferences of developers to use and implement the tool in their daily work.

Project tasks

    • Help people starting in Threat Modelling
      • Improve all the steps where the developers have to interact with the platform without having prior knowledge of cybersecurity.
      • Mark the number of potential inputs that the developer receives during the process of creating and design of a threat model so that it does not get overwhelmed.
      • Reduce the number of abandoned threat models that are left uncompleted.
      • Reduce the time taken to complete a threat model.
    • Creation of  Threat Models Diagram
      • Facilitate the elements that make up the components and their data flow relationships for the correct design of an architectural diagram.
      • Show requirements that a diagram must meet to be good enough to generate a secure threat model.
      • Help to correctly select design priorities and which complements to implement at all times according to the design and business needs.
    • Understand threat and counter threats
      • Generation of rule engines
      • Generation of counter threats
    • Functional risk pattern
      • Creation of functional components
      • Develop a drag and drop solution
    • Create a threat model community
      • Create a proactive user community that shares information and constantly improves the state of the art, as well as identifying new threats, counter-threats and risk patterns for the community.

Results

The project has surpassed all the milestones predicted, including the creation of the largest and only EU Threat Modeling conference (two years and counting). And has further developed local chapters that span the continent.

We would like to thank all involved in the project as we, as usual, race towards our new goals.