What is the risk posture for each particular system as it contributes to the overall risk posture of the organization?

What is the risk posture for each particular system as it contributes to the overall risk posture of the organization?

2.    2.  How does each attack surface – its protections if any, in the presence (or absence) of active threat agents and their capabilities, methods, and goals through each situation—add up to a system’s particular risk posture?

3.    3.  In addition, how do all the systems’ risks sum up to an organization’s computer security risk posture?