RiskTree - Help

Introduction

A Hazard is a type of risk that can be included in a RiskTree. It represents risks that are not caused by a malicious attacker, but instead occur by accident. This could include a flood, a power failure, or a piece of equipment failing. It will have different assessment values to an attack risk. In place of the four attacker values, RiskTree uses a single value for the likelihood of the attack; this expresses the probability that the attack will occur, from highly unlikely (1) to highly likely (6). Hazards are indicated in RiskTree with a symbol.

Creating a Hazard risk

To set a risk as a Hazard, simply click on the Hazard checkbox when creating the risk node. This will automatically change the selection of risk assessment values for the node. Intermediate nodes (i.e., those with children) can be defined as Hazards too. It is good practice not to mix Hazards and attacks, so we recommend creating one or more branches of your RiskTree for Hazards, with all of the nodes set with this flag. RiskTree will not let you create attack nodes as children of Hazard nodes.

Hazard nodes are identifiable from the symbol on them. If they have assessment values, these will be in white text on a blue stripe, as shown below.

The editor for a Hazard node is as follows:

In this example, the Hazard checkbox has been ticked and disabled, because it is the child of another Hazard node and therefore it must also be a Hazard.

Within the risk table (on the Risks tab), Hazards will be identified with the symbol, and the Likelihood value will span the columns normally used for attacker assessment values.

Hazard countermeasures

The countermeasures applied to Hazard nodes have risk affectors for the same three assessment values, and are referred to as Hazard countermeasures. They will be shown in the Countermeasure table with the likelihood value spanning the attacker assessment value columns.

Since they have different risk affectors, they cannot be copied onto nodes that are not Hazards (either as a new countermeasure or a linked countermeasure). Similarly, countermeasures from standard risk nodes cannot be copied onto Hazard risks. In either case an error will be shown.

Error when pasting a Hazard countermeasure

Converting nodes

Existing nodes can be converted between attack and Hazard states by selecting Edit node from the node menu and changing the Hazard tickbox. You cannot convert some nodes:

Nodes with children that are not Hazards: the children must be converted to be Hazards first
Nodes with parents that are Hazards: the parents must be converted first
Nodes with linked countermeasures: the countermeasures will need to be unlinked first

When the checkbox is changed, the assessment value fields will be updated to reflect the type of assessment values required. All of the values on the node will be reset. If you did not intend to change the node type, click on the Cancel button, and the changes will be cancelled.

If you convert a node that has countermeasures, the countermeasures will be converted as well. The damage and replay assessment values will remain the same, but all other assessment values will be reset to No effect. You will need to update each of the countermeasures as required. A message box will be displayed to remind you to update the countermeasures.