SecurITree is Better
1: Transparent, defensible decisions based on objective criteria
Most tools for analysing hostile (adversarial) risk are checklist-based. They require the analyst to answer a series of questions about the system, which may or may not be relevant to the situation. These tools then use formulas (frequently secret) in conjunction with weak statistics (or even guesses) to arrive at an estimate of risk. There is no way to check the results for correctness, and no way to know whether the output is valid.
All of the conclusions derived by SecurITree are based on assumptions about the target system and its adversaries as defined by the analyst. The assumptions are not based on subjective opinions. Instead, subject matter experts estimate quantifiable criteria such as Cost of Attack, Technical Difficulty, and Noticeability of Attack for each specific attacker activity. The specificity of the criteria means that experts will generally concur on their estimates, at least to within tolerances similar to those of other engineering disciplines. The analyst then constructs a profile of the adversary's characteristics based on what is known about them. For example, juvenile delinquents are less able to spend large sums of money on attacks than terrorists are. SecurITree then shows the logical outcome of the assumptions. If attacks are eliminated from consideration, the basis for this determination is clearly explained.
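As an added illustration (not SecurITree's own code or its actual aggregation rules), the following Python sketches the kind of reasoning this paragraph describes: leaf activities scored on cost, difficulty and noticeability, an adversary profile, and every eliminated attack scenario carrying the explicit reason it was pruned. The tree, the scores and the two adversary profiles are constructed sample values, and the rules for combining scores along an AND path (costs add, difficulty and noticeability take the maximum) are an assumption of this example.

```python
from collections import namedtuple
# One attacker activity, scored on the criteria the page names (constructed values):
# cost = Cost of Attack, difficulty = Technical Difficulty 1..10, noticeability 1..10
Leaf = namedtuple("Leaf", "name cost difficulty noticeability")
# Gate "AND": every child is required; "OR": any one child suffices
Node = namedtuple("Node", "name gate children")
# Adversary profile: what the attacker can afford, can do, and will tolerate being noticed
Adversary = namedtuple("Adversary", "name budget max_difficulty max_noticeability")

def scenarios(n):
    """Expand the tree into attack scenarios: sets of leaves that achieve the root."""
    if isinstance(n, Leaf):
        return [[n]]
    if n.gate == "OR":
        return [s for c in n.children for s in scenarios(c)]
    combos = [[]]
    for c in n.children:                        # AND: combine one scenario per child
        combos = [a + b for a in combos for b in scenarios(c)]
    return combos

def evaluate(root, adv):
    """Return (feasible scenario labels, {pruned label: why it was eliminated})."""
    feasible, pruned = [], {}
    for s in scenarios(root):
        label = " + ".join(l.name for l in s)
        cost = sum(l.cost for l in s)           # costs of the steps add up
        hard = max(l.difficulty for l in s)     # as hard as its hardest step
        loud = max(l.noticeability for l in s)  # as noticeable as its loudest step
        reasons = []
        if cost > adv.budget:
            reasons.append(f"cost {cost} > budget {adv.budget}")
        if hard > adv.max_difficulty:
            reasons.append(f"difficulty {hard} > capability {adv.max_difficulty}")
        if loud > adv.max_noticeability:
            reasons.append(f"noticeability {loud} > tolerance {adv.max_noticeability}")
        if reasons:
            pruned[label] = "; ".join(reasons)  # the basis for elimination is recorded
        else:
            feasible.append(label)
    return feasible, pruned
# Constructed sample tree and adversary profiles, not from any real assessment
TREE = Node("Read customer records", "OR", [
    Leaf("Guess weak admin password", 0, 2, 5),
    Node("Recover data from backup media", "AND", [
        Leaf("Bribe courier for backup tape", 20000, 3, 6),
        Leaf("Break backup encryption", 50000, 9, 1),
    ]),
])
JUVENILE = Adversary("juvenile delinquent", 500, 4, 10)
FUNDED = Adversary("well-funded group", 1_000_000, 9, 10)
```

Changing a single assumption, here swapping `JUVENILE` for `FUNDED`, re-runs the same logic and shows which scenarios come back into scope, which is the peer-review check the text describes.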
In much the same way that an engineering blueprint can be reviewed by peers, SecurITree attack tree models can be checked for completeness and reasonableness before approval. Where differences of opinion exist, SecurITree allows the analyst to see if different assumptions will yield different results.
SecurITree shows you the logical outcome of your assumptions. It never leaves you wondering why you got an answer. Even experts who might intuitively know the answer will now know how and why they reached that conclusion.
