### 6 Theories of Probability and 6 Reasons Why They Matter to ISRA

September 7, 2010 – 6:00 am

While probably everyone would agree that information security risk analysis (ISRA) is shot through with appeals to probability, very few non-academic discussions of ISRA provide any sort of rigorous analysis of what “probability” means. (See Alberts and Dorofee 2003 for a notable…

### Why the “Risk = Threat x Vulnerability x Impact” Formula is Mathematical Nonsense — Part 2

August 31, 2010 – 6:00 am

In my last post, I argued that security risk managers should stop using the “Risk = Threat x Vulnerability x Impact” formula (hereafter, the “R=TVC formula”), for two reasons. First, the variables “Threat” and “Vulnerability” are typically undefined; indeed,…