Tags are a way of placing multiple layers of data into a RiskTree. They are independent from the tree structure, and can be used to generate different types of report. You can place tags on both nodes and countermeasures. Tags belong to groups, known as tag sets. You can load pre-built tag sets that are included with RiskTree, create your own tag sets and load them, or dynamically create tags whilst building a tree. Information about your tags is found on the Tags tab in both Designer and Processor. Both the Risks and Countermeasure tabs will show details of the tags within their information tables.
A tag is simply a label of up to seven characters that is shown in white text on a coloured background, like this: tag. Within a RiskTree, a risk assessment report, and a tag library, tag names must be unique.
A tag set is a collection of tags that belong together. For example, RiskTree includes a set of tags for the ISO27001 standard, allowing you to tag your countermeasures so that you can relate them easily to the standard. You could create a tag set for your risk owners, and then tag each risk with its owner. A tag file can contain multiple tag sets – for example, the MITRE ATT&CK tag library file contains both Techniques and Mitigations. Each tag set can be set to apply to Nodes, Countermeasures, or both.
A tag set can be created using the Tag Manager tool. This can also be used to edit an existing tag set, or to extract tags from a RiskTree file.