Cyber Security News and Insights

Category: Risk Analysis

CAF 4.0 has arrived, bringing major updates to the UK’s Cyber Assessment Framework. Compared to version 3.2, it introduces new contributing outcomes, over 100 new Indicators of Good Practice, and significant restructuring, especially in Objective C (cybersecurity monitoring and threat hunting). While many changes are minor or clarifications, around 60 require closer review, meaning organisations transitioning from CAF 3.2 will need to reassess key areas. Our blog breaks down where to focus your efforts when updating your assessment process.
For over a decade, 2T Security has been helping Critical National Infrastructure operators strengthen their defences by uncovering hidden cyber-risks in Operational Technology environments. Through focused, two-day workshops based on the NCSC’s Cyber Assessment Framework, our experts partner with your team to map IT-OT interconnections, expose legacy vulnerabilities, and deliver prioritised recommendations—rapidly improving resilience where it matters most.
We are delighted to launch a new and improved version of RiskTree. Read more to learn about the new features that have been added. Visit our RiskTree pages to learn more about RiskTree and how it can help you assess and prioritise your organisation's risks.
Why are bad actors targeting CNI? Which sectors are most at risk? And what can be done to offer better protection?
In this article, we discuss the approach to creating GovAssure profiles. We didn’t want to assume that government could use the existing CAF baseline profile based on a different threat profile to the private sector. Read more about how we ensured that the chosen profile reflected the threats faced by government.
A brief guide to using the Cyber Assessment Framework (CAF) in practice. If you’ve read our earlier blogs about the Cyber Assessment Framework (CAF), you'll know that it isn’t intended to be a checklist - find out more about outcome level dependencies and chord diagrams...
If you want to know more about the Cyber Assessment Framework you've come to the right place. In this article, we'll explain the what, why, who, where and when of the CAF!
Probability/impact graphs have been used for a long time to assess risk, especially in spreadsheet-based risk registers. They give a misleading impression of risk levels, though, and hence organisations should be using alternative, better approaches.
When you start using RiskTree, a powerful risk assessment tool, it's important to grasp the nuances of different risk types: intrinsic, residual, and target. These terms sometimes spark confusion, as their meanings aren't always universally clear. Let's demystify these concepts for a clearer understanding.
This post details why we implemented bowtie analytics in RiskTree, and how RiskTree users can now build bowtie diagrams from their existing trees.