The problem addressed here is assessing the risks to which some organization or activity is exposed as a result of some combination of cyberspace-related vulnerabilities and threats. It is an attempt to assess risk without resorting to quantitative m...
