360 Defence (UK) Ltd

360D Attack Trees using RiskTree for Risk Assessment (RxA) and Risk Management (RxM)

RiskTree® Agile Real-World Risk Management in business language. Attack tree approach predominantly uses Qualitative, but also Quantitative and Hybrid methods to assess how assets could be attacked systematically capturing, prioritising and presenting risks including countermeasures, controls providing a near real-time risk profile resulting in even complex risk profiles made clear

Features

• 360D Real World Risk Management, Risk Profiles in Near Real-Time
• RiskTree Umbrella Risk method for understanding, recording, and managing risks
• RiskTree uses an AttackTree approach providing a visualised risk register
• Risk Tree risks viewed at corporate, organisational, departmental level
• Qualitative, Quantitative, Quantification and Hybrid (Mix Qualitative and Quantitative (QvQ))
• Repeatable approaches applied to any risk management method e.g.,
• 1. Qualitative includes, Attack Tree, Risk Tree (RiskTree®) and Bowtie
• 2. Quantitative Monte Carlo Simulation (Statistical)
• 3. Numerical values to attackers and financial impacts to defenders
• Risk Tree founding requirements partners provide the service

Benefits

• Business presented with Cyber and hybrid risk in Near Real-Time
• Straightforward relationship between levels and risk types in business language
• Provides a visual or output based accurate Risk Register
• 360D provides detailed risk management with real-time countermeasures and controls
• What if countermeasures/controls scenarios reduces overspend on inappropriate Cyber countermeasures
• Business Impact Risk Appetites (BIRA's) applied to Risk Management (RxM)
• Threats Assessment profile (TxA) applied to Risks in Assessment (RxA)
• Alignment Business Needs, HMG Policy, NCSC guidance, knowledge transfer
• Hybrid Qualitative/Quantitively via attack trees e.g., Risk Tree (RiskTree®)
• Intrinsic, Residual and Target Risk Profiles at a button click

£850 to £1,600 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon@360defence.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

313980918459006

Contact

Simon L
+44 7767 360 360
simon@360defence.co.uk

Planning

• Planning service: Yes
• How the planning service works: Within the 360D collaborative engagement and partnership offered to clients, advice and guidance is provided to use the 360D partners, 2T hosted service via Amazon Web Services or if the client prefers internal hosting and/or when the classification is greater than OFFICIAL considered client internal hosting.; ; Planning service works with specific services; Yes; ; Hosting or software services the planning service works with; RiskTree
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with: RiskTree via AWS

Training

• Training service provided: Yes
• How the training service works: RIskTree Client training covering the risk methodology, approaches and providing templates as required) ; ; BIRA (Business Impact and Risk Appetite) see https://riskblox.2t-security.co.uk/BIRA/loadBIRA ; ; Training covering Business Impact Analysis across risks areas (client dependant but up to 13 currently) with the impact linked to a security property e.g., C,I,A , Financial Loss, Reputational damage followed by the Risk Appetite to assess teh level of risk that are acceptable versus unacceptable and needing risk management ; ; RiskBlox training - see https://riskblox.2t-security.co.uk client training ; (360D partnered in the tool development which leverages MITRE ATT&CK® Open Source data to concisely display Attack Techniques, their associated Mitigations, real-world examples of the technique and descriptions) ; ; Threat Assessment (TxA) client training to understand and identify the threats (to the client) from threat sources, actors or personas and the capability and motivation to attack th eorganisation or assets in question. Traing provided includes (as required) Light, Mid and Full assessment review. ; ; Training of any 360D Specialist Security Services provided; ; All of the above detail applies to the RIskTree methodology and approach
• Training is tied to specific services: Yes
• Services the training service works with:
  • RiskTree
  • RiskWiki
  • BIRA (Business Impact Risk Appetite)
  • RiskBlox (Risk Management tool leveraging MITRE ATT&CK® data
  • Umbrella Risk Management (URxM)
  • Threat Assessment (TxA)

Setup and migration

• Setup or migration service available: No

Quality assurance and performance testing

• Quality assurance and performance testing service: No

Security testing

• Security services: Yes
• Security services type:
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security audit services
  • Other
• Other security services:
  • End to end Service management and catalogue
  • Business Impact RIsk Appetite (BIRA) process (Joint Founder)
  • RiskBlox MITRE Att&ACK Cyber Process (Joint Founder)
  • Threat Assessment and Threat Management Specialist (Niche specialism all levels)

Ongoing support

• Ongoing support service: Yes
• Types of service supported:
  • Hosting or software provided by your organisation
  • Hosting or software provided by a third-party organisation
• How the support service works: Ongoing support service; Yes; Types of service supported; Hosting or software provided by a third-party organisation; How the support service works; Support of the training services provided for the RiskTree engagement subject to the contract in place.

Service scope

• Service constraints: None - RiskTree services will be covered in the corresponding contract and agreed deliverables.; ; Support of 360 Defence (UK) Limited may sometimes be in conjunction with RiskTree hosts 2T Security

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is via e-mail, following training of customer staff in the RiskTree process and software. We will acknowledge e-mails within 2 working days and will endeavour to provide a fix within a further 2 working days. This is included in the cost of the RiskTree subscription model. Custom enhancements and modifications can be made. The cost will depend on whether the changes will be useful to other customers, and the effort involved in creating and deploying them
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Support levels: Support is via e-mail, following training of customer staff in the RiskTree process and software. We will acknowledge e-mails within 2 working days and will endeavour to provide a fix within a further 2 working days. This is included in the cost of the RiskTree subscription model. Custom enhancements and modifications can be made. The cost will depend on whether the changes will be useful to other customers, and the effort involved in creating and deploying them

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At 360D security we are fully committed to continuously improving our environmental performance which in turn will help in a small way to fight climate change. ; ; Covid lockdowns proved with the right safeguards and countermeasures in place remote working does work and in turn lessens the environmental impact by removing commuting from the equation. ; ; Clients who have known us for many years and where the classification level is as an example OFFICIAL will only expect physical visits when necessary. ; ; When we do travel, we use the least impactful method for a given journey e.g., walking, cycling, public transport versus car, rail versus flying etc., ; ; Climate change is everyone’s responsibility and although small we complete our bit; ; ; We have been a paperless office for 15 years.

  Tackling economic inequality

  360D do not believe zero-day contracts are fair to and have not and will never use such mechanisms. ; 360D is an accredited Living Wage Employer. ; 360D believe in fairness dignity and respect and that every person can add a contribution. ; 360D signed the Scottish Business Pledge for more equality, opportunity and innovation. ; We mentor and pass on training and experience enhancing individuals to enable and build their careers in Cyber Security. As a minimum within our paid deliverables, we impart our experience with clear and concise detail via knowledge transfer. Our approach enables others to increase their experience which in turn improves their economic wellbeing. ; We strive to be entrepreneurial in spirit and help new organisations, as well as our people, flourish. ; As an SME, every small part we can play will help bridge economic inequality.

  Equal opportunity

  360 Defence UK Limited (360D) respect and welcome diversity, relishing difference, ensuring everyone is treated equally. Every person is unique, has a right to be heard, has a story to tell and should be listened to in equal measure.

  Wellbeing

  360D support a healthy work life balance. ; A happy workforce/team member allows for improved wellbeing, a reduction in ill health which enables focus and production, be that work based delivery outcomes or being able to take care of the important things such as downtime, family time. ; Covid as an impact to one of all, caused a change in applied working conditions and detail, within 360D and with client and supply chain organisations, collectively we have always worked on flexible working, around life events e.g., school runs, treatments, parcel deliveries, plumbing issues etc., working hours that suit an individual by their circumstances. This has actually also provided an improvement not only in individuals happiness and efficiency but also in additional improvements to deliverables and service. A bit cliché but true “Happy team, productive dream” ; 360D believe in flexibility for our workforce, our team members, their health is our health and combined that provides wellbeing wealth for all.

Pricing

• Price: £850 to £1,600 a unit a day
• Discount for educational organisations: Yes

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simon@360defence.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.