What is the risk posture for each particular system as it contributes to the overall risk posture of the organization?
2. 2. How does each attack surface – its protections if any, in the presence (or absence) of active threat agents and their capabilities, methods, and goals through each situation—add up to a system’s particular risk posture?
3. 3. In addition, how do all the systems’ risks sum up to an organization’s computer security risk posture?