Discussion Questions: What are your thoughts on risk modeling becoming pervasive in the security management?
Why has risk modeling management tools, like MSRAM, have become favored over other risk management methodologies and initiatives? What are the consequences of not having risk management models? How does this affect security policies?
