Once you have built your RiskTree® and have assessed the intrinsic risks, you’ll want to start showing how they are mitigated. When you put the assessment values onto the tree, you excluded the effects of any controls. This step is where you factor them in.

RiskTree® has two types of countermeasure: existing and target. Existing countermeasures are things that you already have in place and which hopefully reduce the risk levels. Target countermeasures are things that you could do to further reduce risk. They might be controls that you are already planning to implement, or controls that you’d like to explore in more detail to see what their effect might be.

Countermeasures are added to the RiskTree® through the node menu.

[Figure: Node menu]

Click on the Countermeasures option, which will open the Countermeasures box. You’ll need to provide a name for the countermeasure, and then consider how it affects risks. For example, encrypting a database might make it more costly for an attacker (as they have to spend more time, or put more computing effort into decryption) as well as more complex. Typically, a countermeasure will affect between one and three assessment values. The indicators to the right of each drop-down show you whether the change will reduce or increase risk.

[Figure: Countermeasures box]

You also have to state whether the countermeasure exists. If it does, it contributes to the residual risk level. Those that do not exist will only be taken into account when the target level of risk is calculated. The target level can be used for performing ‘what-if’ analysis, or for holding information from a backlog of development features.

If you want to add any notes or evidence about the countermeasure, click on the button with the speech bubble. As with nodes, this allows formatted text to be provided and the speech bubble will be filled in when notes exist.

Complete your countermeasure by clicking on the Update and close button. You will see the countermeasure attached to the bottom of the risk as a small coloured disc. These will be green for existing countermeasures, and blue for target. The disc will contain a reference number for the countermeasure. This number is used throughout RiskTree, prefixed CM (for countermeasure).

[Figure: Countermeasures in RiskTree]

Details for your new countermeasure will also appear in the Countermeasures tab:

[Figure: Countermeasures tab]

Countermeasure effects

When you put a countermeasure on a node, it will affect all of the end nodes below it in the tree. For example, in our sample tree, if we show that the hosting company has a strong and effective audit system that would detect any of the attacks in its branch, we could put this as a countermeasure on the Hosting company node. All six of the risks in the diagram above would then be mitigated by this one countermeasure.

[Figure: how putting a countermeasure on a node affects all of the end nodes below it in the tree]

Countermeasures can be edited via the countermeasure menu which, as for nodes, appears when you move the mouse cursor over the countermeasure disc.

[Figure: Countermeasures menu]

Clicking Edit countermeasure will open the same box that you used to create the countermeasure, but with all of the information about the countermeasure populated. The speech bubble icon for Add notes/evidence will be solid if you have created any notes.

Copying countermeasures

If the same countermeasure needs to be presented on multiple branches of the tree, you can use the copy function. Select Copy countermeasure on the countermeasure menu. Then, move your cursor over the node onto which you want to paste, and select Paste…. The paste side menu will appear, with two options: …as copy, and …as link.

[Figure: Countermeasures menu paste option]

Pasting as a copy will create a new countermeasure on the chosen node, with the same name, values, and other attributes as the original countermeasure. It will have a new reference number though, and is completely independent of the original. Any changes that are made to the original will not affect the copy, and vice-versa.

By comparison, pasting a countermeasure as a link will create the countermeasure on the chosen node with the same reference number. It is the same countermeasure, and changes made to any instance of it will also be made to all other instances with the same reference number.

You can also paste all of the countermeasures from a selected node onto another node. Open the node menu on the originating node, and select Copy node. Go to the destination node, open the node menu, and select Paste countermeasures. All of the countermeasures will be pasted onto it. They can be pasted as copies, or as linked countermeasures. To set this behaviour, go to the Settings box, select the Functionality tab, and select/deselect the option to Create new copies of countermeasures when pasting nodes.

[Figure: Settings menu]

If you have created a linked countermeasure, but then realize that it should be a separate (although presumably similar) countermeasure, select the Unlink option from the countermeasure menu. The countermeasure will remain, but will be given a new number.

Deleting countermeasures

For a countermeasure that exists on one node only, selecting Delete from the countermeasure menu will instantly remove the countermeasure. The remaining countermeasures with higher reference numbers will be renumbered to ensure that there is no gap in the numbering.

For countermeasures on multiple nodes, there are two options on the countermeasure menu. Delete all copies will remove every countermeasure with the same number from the RiskTree project. If you just want to remove the instance of the countermeasure that has been selected, click on Remove from this node.

Moving countermeasures

Sometimes you create a countermeasure on a node and then realize that it applies to the other nodes that share a parent, and so the countermeasure would be better located on the parent node. This is easily achieved by clicking on the Move up option on the menu. Alternatively, you might have a countermeasure on a parent node and realize that it applies to some, but not all, of the child nodes. In this case, select Move down on the menu. The countermeasure will be duplicated across all of the children, and can then be removed from those that it does not affect. When a countermeasure is moved down, all of the new countermeasures will be linked, and have the same reference number as the original countermeasure.
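To make the rules in the sections above concrete, here is a small Python model added for this guide (it is not RiskTree's own code, and the class and function names are invented) of three of them: a countermeasure placed on a node covers every end node below it, pasting as a copy gives a new number while pasting as a link shares the same countermeasure, and Delete all copies renumbers the survivors to close the gap. Residual and target are shown only as the sets of CM numbers that apply at each level; how RiskTree combines the assessment values into a risk score is not modelled.

```python
from dataclasses import dataclass, field
from itertools import count
@dataclass
class Countermeasure:
    ref: int        # shown in the UI as CM<ref>
    name: str
    exists: bool    # True: counted at residual; False: counted at target only

@dataclass
class Node:
    name: str
    children: list = field(default_factory=list)
    cms: list = field(default_factory=list)   # a linked paste appends the SAME object

class RiskTreeModel:   # hypothetical model, not RiskTree's own code
    def __init__(self, root): self.root, self._next = root, count(1)
    def nodes(self, n):
        return [n] + [d for c in n.children for d in self.nodes(c)]
    def add(self, node, name, exists):
        node.cms.append(cm := Countermeasure(next(self._next), name, exists))
        return cm
    def paste(self, cm, node, as_link):
        if as_link:                       # same reference number, shared instance
            node.cms.append(cm)
            return cm
        return self.add(node, cm.name, cm.exists)   # new number, independent copy
    def delete_all_copies(self, cm):
        for n in self.nodes(self.root):
            n.cms = [c for c in n.cms if c is not cm]
        survivors = {id(c): c for n in self.nodes(self.root) for c in n.cms}.values()
        for c in survivors:               # close the gap in the numbering
            if c.ref > cm.ref: c.ref -= 1
        self._next = count(len(survivors) + 1)
    def mitigations(self, node=None, inherited=()):
        # end node -> (residual CM refs, target CM refs); a CM on a node covers every end node below it
        node = node or self.root
        active = list(inherited) + node.cms
        if not node.children:
            return {node.name: (sorted({c.ref for c in active if c.exists}), sorted({c.ref for c in active}))}
        return {k: v for ch in node.children for k, v in self.mitigations(ch, active).items()}

def build_sample():   # constructed sample tree: two branches, two end nodes each
    hosting = Node("Hosting company", [Node("Insider copies database"), Node("Web app exploited")])
    staff = Node("Internal staff", [Node("Phishing"), Node("Lost laptop")])
    t = RiskTreeModel(Node("Customer data exposed", [hosting, staff]))
    audit = t.add(hosting, "Audit system detects attacks", exists=True)   # CM1, existing
    enc = t.add(hosting.children[0], "Encrypt database", exists=False)    # CM2, target
    linked = t.paste(enc, staff.children[1], as_link=True)               # still CM2, shared
    copied = t.paste(enc, staff.children[0], as_link=False)              # CM3, independent
    return t, audit, enc, linked, copied
```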

Calculating risks

Once your RiskTree is populated with countermeasures, you will be able to calculate residual and target risk assessments. These will appear as options on the Identify and Assess menu, as well as the calculate option on the circular menu:

[Figure: Menu]

Selecting either of these options will start the calculation process, which will display a progress bar. Once complete, the risk scores will be displayed in a table which will now include rows for residual and (if selected) target risks.

[Figure: Risk summary]

In the Risk Table tab, each risk will show the three types of risk stacked vertically:

[Figure: Risk detail]

The example above shows a risk that is intrinsically VERY HIGH, is reduced to HIGH at residual (because of the effect of CM1), and could be reduced further to a target level of MEDIUM-HIGH if CM4 is provided. Clicking on the countermeasure references will show the detail of the countermeasure.