Geoff talks about the increasing number of tools available for assessing risk in our IT systems and what we need to know about them to use them safely and appropriately.