RiskTree™

Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you.”
– Theodore Roosevelt

To win the battle against criminals, terrorists and other hostile adversaries looking to acquire your data or intellectual property, tamper with your service, take you offline, give you financial and reputational pain,  it’s important to recognise and quantify those risks before they impact your mission. 360D’s mission is to provide that detail, give you the relevant countermeasures to prevent damage or recover when risks are realised.

360D do this by viewing your organisation from the attackers perspective. After all Threat Sources and their Threat Personas need to be successful once where as the defenders have to aim to be successful every time

We use attack trees and the supporting RiskTree™, methodology and software devised in conjunction with 2T Security and Help2InfoSec. This tried and tested process launched in 2014 is in use with a number of public and private bodies along with departments within the UK and devolved parliaments.

Specially devised to quickly, accurately and economically identify potential risks within an organisation and provide solutions RiskTree™ is a valuable asset to any business sector, government department, military and law enforcement, including assessing up to CNI category 5 risks.

RiskTree™ works by examining the cost, complexity, consequences (CCC) and Return of Investment (ROI) for attackers, along with the likely financial, physical and reputation damage impact suffered by their victims. This method makes it possible to quickly establish levels of risk and take appropriate action to mitigate any hazard.

The process for generating RiskTree™ is shown in the diagram below.

Because it is logic based RiskTree™ can be used to model supply chain management, assess an engineering project, support a business case, test business decisions and ideas before committing any large investment, and help model the outcomes of law enforcement or military operations.

Our team members are Lead Security Cyber Risk Management specialist, Lead NCSC Certified Practitioner, ex CLAS, CSA Star Auditor, ISO27001 Lead Auditrs, and Accredited Cyber Essentials (ACE) Consultants. 360 Defence and our RiskTree™ partners can be engaged directly or to provide a ‘train the trainer ‘ course on how to use RiskTree™ to its full potential.