Marcus Ranum is one of the Three Wise Men of digital security. He offers two approaches to dealing with risk: (1) think of all possible disasters, rank by likelihood, prepare for Top 10; (2) build nimble response teams and command/control structures for fast and effective reaction to threats as they materialize. He also slams the idea that one can use an equation to quantify risk. He calls "Risk = Threat X Vulnerability X Asset Value" one wild guess times another wild guess. He says a perimeter is a place where one makes a stand regarding what is and what is not allowed.
Source: https://taosecurity.blogspot.com/2007/08/marcus-ranum-highlights-from-usenix.html

