Find out more about RiskTrees, how to make them, and how to use the RiskTree Designer and Processor. Key pages are highlighted below.

About RiskTrees

In place of the formulaic risk assessment approach set out in the Government IS1&2 process, RiskTree analysis is a more free-form approach (but which is still structured and methodical) that focuses on the goals and processes of the attacker. A RiskTree has a defined 'bad outcome' (the root node), which is the goal of the attacker. It then sets out different ways of achieving that outcome, which are shown as branches of the tree from the root node. Additional information can be layered over the tree to show details such as likelihood or cost. Controls can then be evaluated for each possible branch.

See more »

Using the RiskTree Designer and Processor

The RiskTree Designer and Processor let you build RiskTrees and then quickly create detailed risk assessment reports in an intuitive, browser-based platform. Find out more about these tools using the buttons below.

 Designer »

 Processor »


Questions and answers about RiskTrees and the RiskTree tools provided in this system.

 See the FAQ »