A new methodology for quantitative security risk assessment and management.
Adoption of a Bayesian Network model for security risk modeling.
Use of “Noisy-OR”, “Leaky Noisy-OR” and “Noisy-AND” to relax logic conditions.
Integration of threat/vulnerability likelihood with potential losses to quantify security risk.
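
How the three gates relax strict OR/AND logic, and how the resulting likelihood combines with a potential loss, shown as an added example that is not the paper's own model. It uses the textbook noisy-OR and leaky noisy-OR definitions and one common noisy-AND formulation (an assumption); all node names and numbers are constructed.

```python
from itertools import product
from math import prod

def noisy_or(states, p, leak=0.0):
    """P(effect | states): each present cause i triggers the effect
    independently with p[i]; leak is P(effect) when no modeled cause is present."""
    return 1.0 - (1.0 - leak) * prod(1.0 - pi for s, pi in zip(states, p) if s)

def noisy_and(states, p):
    """P(effect | states): every condition must be present and each present
    condition i must succeed with p[i] (assumed formulation)."""
    return prod(pi if s else 0.0 for s, pi in zip(states, p))

def marginal(gate, priors, **params):
    """P(effect), enumerating all states of independent binary parent nodes."""
    total = 0.0
    for states in product((0, 1), repeat=len(priors)):
        weight = prod(q if s else 1.0 - q for s, q in zip(states, priors))
        total += weight * gate(states, **params)
    return total

def risk(likelihood, loss):
    """Expected loss: likelihood of the event times its potential loss."""
    return likelihood * loss

# Constructed sample values, not taken from the paper.
PRIORS = (0.3, 0.2)      # P(threat A present), P(threat B present)
STRENGTH = (0.8, 0.5)    # P(a present threat actually causes compromise)
HARD = (1.0, 1.0)        # deterministic logic gates as the limiting case
LOSS = 100_000           # potential loss per compromise, in currency units

def compare():
    rows = {
        "deterministic OR": marginal(noisy_or, PRIORS, p=HARD),
        "noisy-OR": marginal(noisy_or, PRIORS, p=STRENGTH),
        "leaky noisy-OR": marginal(noisy_or, PRIORS, p=STRENGTH, leak=0.05),
        "deterministic AND": marginal(noisy_and, PRIORS, p=HARD),
        "noisy-AND": marginal(noisy_and, PRIORS, p=STRENGTH),
    }
    return {name: (lik, risk(lik, LOSS)) for name, lik in rows.items()}

if __name__ == "__main__":
    for name, (lik, exp_loss) in compare().items():
        print(f"{name:18s} P={lik:.4f}  risk={exp_loss:,.0f}")
```

With two parents, each noisy gate needs only one parameter per parent (plus the leak) instead of a full four-row conditional probability table, which is what keeps elicitation tractable as parent counts grow.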