In a similar manner, the absence of hard data has forced the adoption of informal means for estimating risk, compared to the previously cited formal means. Thus RAMCAP estimates risk as the product of consequence, threat, and vulnerability. This approach is acceptable, so long as the risk results can be made consistent across assets and sectors. RAMCAP achieves consistency by systematically applying the same risk formulation across assets and sectors. Consistency can be further improved by applying rigorous methods for estimating terms in the RAMCAP formulation.

Rigorous methods for estimating consequence, threat, and vulnerability values encompass various means of elicitation and modeling. The Delphi method is perhaps the best known rigorous system among elicitation methods. Fault trees, event trees, reliability block diagrams, and other causal analysis methods are well respected in reliability and safety engineering. Such rigorous methods, though, require substantial investments of time and resources, making them impractical for large-scale application. Alternatively, RAMCAP employs a bounded system to elicit consequence, threat, and vulnerability values, based on a standard set of reference scenarios. These scenarios currently include 41 different natural and man-made hazards. Using these same reference scenarios also promotes interoperability by facilitating comparison of RAMCAP risk results across infrastructure assets and sectors. The ability to compare risk results, apples to apples, across assets and sectors perfectly suited the purpose for which RAMCAP was designed: specifically, to make strategic decisions about national investments in critical infrastructure protection.

The point of this lesson, with respect to cybersecurity, is that infrastructure owners and operators may undergo a similar exercise to develop their own risk analysis methodology that is tailored to their own unique set of circumstances.
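The following is an added example, not part of the lecture, of what such a tailored exercise can look like in code: a RAMCAP-style formulation (risk = consequence x threat x vulnerability) applied with one bounded elicitation scale to every asset against the same set of reference scenarios, so that totals per asset and per scenario compare apples to apples. The bins, scale values, scenario names, asset names and elicited numbers are all constructed for illustration; they are assumptions of this example and not RAMCAP's published scales or its 41 reference scenarios.

```python
"""Constructed RAMCAP-style example: one bounded formulation, applied uniformly.

Every value below (bins, scale mappings, scenarios, assets) is constructed for
this example and is not taken from RAMCAP or from the lecture.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed bounded scales: the analyst chooses a bin 1..5 instead of a raw number.
BINS = range(1, 6)
CONSEQUENCE_BIN_USD = {1: 1e5, 2: 1e6, 3: 1e7, 4: 1e8, 5: 1e9}  # representative loss per bin
LIKELIHOOD_BIN = {1: 0.01, 2: 0.05, 3: 0.2, 4: 0.5, 5: 0.9}      # probability per bin

# Constructed stand-in for a standard set of reference scenarios.
REFERENCE_SCENARIOS = ("flood", "cyber_intrusion", "vehicle_bomb")


@dataclass(frozen=True)
class Elicitation:
    """Bins elicited for one asset against one reference scenario."""
    consequence: int
    threat: int
    vulnerability: int


def risk(e: Elicitation) -> float:
    """Expected loss (USD) for one asset/scenario pair: C x T x V on the bounded scales."""
    for name, value in (("consequence", e.consequence),
                        ("threat", e.threat),
                        ("vulnerability", e.vulnerability)):
        if value not in BINS:
            raise ValueError(f"{name} bin {value} is outside the bounded scale 1..5")
    return (CONSEQUENCE_BIN_USD[e.consequence]
            * LIKELIHOOD_BIN[e.threat]
            * LIKELIHOOD_BIN[e.vulnerability])


Assets = Dict[str, Dict[str, Elicitation]]


def risk_table(assets: Assets) -> Dict[str, Dict[str, float]]:
    """Apply the same formulation to every asset.

    An asset missing any reference scenario is rejected rather than scored,
    because its totals would no longer be comparable with the others.
    """
    table: Dict[str, Dict[str, float]] = {}
    for asset, by_scenario in assets.items():
        missing = set(REFERENCE_SCENARIOS) - set(by_scenario)
        if missing:
            raise ValueError(f"{asset}: no elicitation for {sorted(missing)}")
        table[asset] = {s: risk(by_scenario[s]) for s in REFERENCE_SCENARIOS}
    return table


def rank_assets(table: Dict[str, Dict[str, float]]) -> List[Tuple[str, float]]:
    """Assets ordered by total expected loss across all reference scenarios."""
    totals = {asset: sum(row.values()) for asset, row in table.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def rank_scenarios(table: Dict[str, Dict[str, float]]) -> List[Tuple[str, float]]:
    """Scenarios ordered by total expected loss across all assets."""
    totals = {s: sum(table[a][s] for a in table) for s in REFERENCE_SCENARIOS}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


# Constructed elicitations for two hypothetical assets.
SAMPLE_ASSETS: Assets = {
    "water_plant": {
        "flood": Elicitation(consequence=4, threat=3, vulnerability=4),
        "cyber_intrusion": Elicitation(consequence=3, threat=4, vulnerability=3),
        "vehicle_bomb": Elicitation(consequence=5, threat=1, vulnerability=2),
    },
    "substation": {
        "flood": Elicitation(consequence=3, threat=2, vulnerability=2),
        "cyber_intrusion": Elicitation(consequence=4, threat=4, vulnerability=4),
        "vehicle_bomb": Elicitation(consequence=4, threat=1, vulnerability=3),
    },
}


if __name__ == "__main__":
    table = risk_table(SAMPLE_ASSETS)
    for asset, total in rank_assets(table):
        print(f"{asset:16s} total expected loss ${total:,.0f}")
    for scenario, total in rank_scenarios(table):
        print(f"{scenario:16s} total expected loss ${total:,.0f}")
```

The bounded scale is what keeps the exercise cheap: an analyst picks a bin rather than building a fault tree, and the same bin-to-value mapping is used for every asset, so a difference in totals reflects a difference in elicited judgement rather than a difference in method. The completeness check in risk_table is the code-level form of the consistency requirement discussed above.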

Okay, let us review what we have learned here.

1. There is no absolute security; all security entails risk.

2. Risk analysis provides a means for assessing the cost-benefit return on security investments.

3. All risk formulations are a product of the tradeoffs chosen in making them.

4. When it comes to critical infrastructure, the first tradeoff is the choice of analyzing the network or the asset. No risk analysis is complete without considering the network.

5. Quantitative risk analysis offers more confidence in results compared to qualitative risk analysis, but at the expense of time.

6. The precision of a quantitative risk analysis is determined by the choice of absolute or relative values.

7. The accuracy of a quantitative risk analysis is determined by the choice of using formal or informal methods.

8. The consistency of results will be enhanced by taking a systematic versus an ad hoc approach to risk analysis.

9. The time needed to conduct a risk analysis will be reduced by taking a bounded approach versus a rigorous approach.