Cyber Security News and Insights

Category: RiskTree

For over a decade, 2T Security has been helping Critical National Infrastructure operators strengthen their defences by uncovering hidden cyber-risks in Operational Technology environments. Through focused, two-day workshops based on the NCSC’s Cyber Assessment Framework, our experts partner with your team to map IT-OT interconnections, expose legacy vulnerabilities, and deliver prioritised recommendations—rapidly improving resilience where it matters most.
We are delighted to launch a new and improved version of RiskTree. Read more to learn about the new features that have been added. Visit our RiskTree pages to learn more about RiskTree and how it can help you assess and prioritise your organisation's risks.
Probability/impact graphs have been used for a long time to assess risk, especially in spreadsheet-based risk registers. They give a misleading impression of risk levels, though, and hence organisations should be using alternative, better approaches.
The UK Cyber Security Council ushered in the UK's first cohort of chartered cyber security practitioners this October. This followed the launch of its first pilot schemes last year, with an awards ceremony taking place in London. Tony Badsey-Ellis and Tony Beadle from 2T Security were among the first 40 to gain chartered status.
When you start using RiskTree, a powerful risk assessment tool, it's important to grasp the nuances of different risk types: intrinsic, residual, and target. These terms sometimes spark confusion, as their meanings aren't always universally clear. Let's demystify these concepts for a clearer understanding.
This post details why we implemented bowtie analytics in RiskTree, and how RiskTree users can now build bow tie diagrams from their existing trees.
Boolean Logic is a form of algebra that is centered around three simple words known as Boolean Operators: “Or,” “And,” and “Not.” If you're wondering how to apply this in RiskTree, this post will help!
Attack trees allow you to build a structured model of your risks. These can be quickly and easily updated as changes are made to the system being assessed. Rather than being an unwelcome annual process, updating the risk assessment becomes part of the day-to-day process. If you’re building a new system, it will integrate with project management, creating a virtuous circle.
Find out why the National Cyber Security Centre recommends using Attack Trees for understanding and addressing cyber risks, and how RiskTree systematically analyses risks to support clear decision-making and a purposeful risk strategy.
Recently we discussed the security of RiskTree with a client, who ran through the NCSC Cloud Security Principles. Since RiskTree is delivered as software-as-a-service, this made sense. One point that arose was the lack of Multi-Factor Authentication (MFA) in use: CSP Principle 10 states that 2FA is ‘considered good practice’, using either a hardware or software token or out-of-band challenge.