Find out more about RiskTrees, how to make them, and how to use the RiskTree Designer and Processor. Key pages are highlighted below.
In place of the formulaic risk assessment approach set out in the Government IS1&2 process, RiskTree analysis is a more free-form
approach, though still structured and methodical, that focuses on the goals and processes of the attacker.
A RiskTree has a defined 'bad outcome' (the root node), which is the goal of the attacker. It then sets out different ways of achieving that outcome, which are
shown as branches of the tree from the root node.
Additional information can be layered over the tree to show details such as likelihood
or cost. Controls can then be evaluated for each possible branch.
Getting started can feel daunting, but don’t worry – we’ve created a short series of bite-sized videos and downloadable PDFs to help get you up and running.
Each section focuses on a specific aspect of RiskTree, so you can learn at your own pace, revisit topics as needed, and lay a solid foundation for building increasingly complex RiskTrees.
The RiskTree Designer and Processor let you build RiskTrees and then quickly create detailed risk assessment reports in an intuitive, browser-based platform.
Find out more about these tools using the buttons below.
Illustrated guides explaining how to achieve risk outcomes using RiskTree.
Questions and answers about RiskTrees and the RiskTree tools provided in this system.