Find out more about RiskTrees, how to make them, and how to use the RiskTree Designer and Processor. Key pages are highlighted below.

About RiskTrees

In place of the formulaic risk assessment approach set out in the Government IS1&2 process, RiskTree analysis is a more free-form approach (but which is still structured and methodical) that focuses on the goals and processes of the attacker.

A RiskTree has a defined 'bad outcome' (the root node), which is the goal of the attacker. It then sets out different ways of achieving that outcome, which are shown as branches of the tree from the root node.

Additional information can be layered over the tree to show details such as likelihood or cost. Controls can then be evaluated for each possible branch.

See more »

Video Guides

Getting started can feel daunting, but don’t worry – we’ve created a short series of bite-sized videos and downloadable PDFs to help get you up and running.

Each section focuses on a specific aspect of RiskTree, so you can learn at your own pace, revisit topics as needed and build a solid foundation to build increasingly complex RiskTrees.

Videos »

Using the RiskTree Designer and Processor

The RiskTree Designer and Processor let you build RiskTrees and then quickly create detailed risk assessment reports in an intuitive, browser-based platform.

Find out more about these tools using the buttons below.

 Designer »

 Processor »

How-to guides

Illustrated guides explaining how to achieve risk outcomes using RiskTree.

 How-to guides »


Questions and answers about RiskTrees and the RiskTree tools provided in this system.

 See the FAQ »