Metadata lets you add additional information to your nodes and countermeasures. You can decide on the names of the new fields, and the format of the data that they take. For example, you might want a field to store a detailed risk statement for each risk, an owner for a countermeasure, or the review date for a risk. They are defined using the Config Creator tool and then imported into the RiskTree Designer for use. The metadata can be seen in the risk assessment reports produced by the RiskTree Processor.
A tag is simply a label of up to seven characters that is shown in white text on a coloured background, like this: tag. Within a RiskTree, a risk assessment report, and a tag library, tag names must be unique.
A tag set is a collection of tags that belong together. For example, RiskTree includes a set of tags for the ISO27001 standard, allowing you to tag your countermeasures so that you can relate them easily to the standard. You could create a tag set for your risk owners, and then tag each risk with its owner.
A tag set can be created using the Tag Manager tool. This can also be used to edit an existing tag set, or to extract tags from a RiskTree file.