For over a decade, 2T Security has been helping Critical National Infrastructure operators strengthen their defences by uncovering hidden cyber-risks in Operational Technology environments. Through focused, two-day workshops based on the NCSC’s Cyber Assessment Framework, our experts partner with your team to map IT-OT interconnections, expose legacy vulnerabilities, and deliver prioritised recommendations—rapidly improving resilience where it matters most.
Probability/impact graphs have long been used to assess risk, especially in spreadsheet-based risk registers. However, they give a misleading impression of risk levels, so organisations should be using alternative, better approaches.
Attack trees allow you to build a structured model of your risks. These can be quickly and easily updated as changes are made to the system being assessed. Rather than being an unwelcome annual process, updating the risk assessment becomes part of the day-to-day process. If you’re building a new system, it will integrate with project management, creating a virtuous circle.
If you manage risk, one vital part of your job is reporting your project’s status and results to other groups: the board, management, and external auditors. And when building reports, risk managers must pay careful attention to the relationships of the intended audiences.