Sign-up for a RiskTree trial >>

RiskTree purple logo

Cyber Security News and Insights

Category: RiskTree

Pass on probaility impact graphs

Pass (on) the PIGs

Probability/impact graphs have been used for a long time to assess risk, especially in spreadsheet-based risk registers. They give a misleading impression of risk levels though and hence organisations should be using alternative, and better approaches.
Read More
Tony Badsey-Ellis receiving his chartered cyber security professional certificate

2T SECURITY AMONG INDUSTRY’S FIRST CHARTERED CYBER SECURITY PROFESSIONALS

The UK Cyber Security Council ushered in the UK's first cohort of chartered cyber security practitioners this October. This followed the launch of its first pilot schemes last year, with an awards ceremony taking place in London. Tony Badsey-Ellis and Tony Beadle from 2T Security were among the first 40 to gain chartered status.
Read More
Understanding Risk Banner (800 × 400px) (1)

Understanding Intrinsic, Residual and Target Risks

When you start using RiskTree, a powerful risk assessment tool, it's important to grasp the nuances of different risk types: intrinsic, residual, and target. These terms sometimes spark confusion, as their meanings aren't always universally clear. Let's demystify these concepts for a clearer understanding.
Read More
bow-ties (800 × 400px) (800 × 400px) (2)

Bow Ties and Attack Trees for Risk

This post details why we implemented bowtie analytics in RiskTree. And, how RiskTree users can now build bow tie diagrams from their existing trees.
Read More
how to implement Boolean Logic in risktree

How to Implement Boolean Logic in RiskTree

Boolean Logic is a form of algebra that is centered around three simple words known as Boolean Operators: “Or,” “And,” and “Not.” If you're wondering how how to apply this in RiskTree, this post will help!
Read More
why should I use attack trees?

Why should I use attack trees?

Attack trees allow you to build a structured model of your risks. These can be quickly and easily updated as changes are made to the system being assessed. Rather than being an unwelcome annual process, updating the risk assessment becomes part of the day-to-day process. If you’re building a new system, it will integrate with project management, creating a virtuous circle..
Read More
banner montage, representing Attack Trees

Boost Your Risk Management Strategy with Attack Trees

Find out why the National Cyber Security Centre recommends using Attack Trees for understanding and addressing cyber risks. And, how RiskTree systematically analyses risks to support clear decision-making and a purposeful risk strategy.
Read More
Concept of cyber security in two-step verification, multi-factor authentication, information security, encryption, secure access to user's personal information, secure Internet access, cybersecurity.

Principles are good, but exceptions are OK

Recently we discussed the security of RiskTree with a client, who ran through the NCSC Cloud Security Principles. Since RiskTree is delivered as software-as-a-service, this made sense. One point that arose was the lack of Multi-Factor Authentication (MFA) in use: CSP Principle 10 states that 2FA is ‘considered good practice’, using either a hardware or software token or out-of-band challenge.
Read More
News Categories:
News Categories: