Chapter 2

Basic Risk Concepts

Abstract

This chapter introduces some of the basic concepts that help people better understand risk. It deals with prediction, probability versus possibility, precision versus accuracy, and subjectivity versus objectivity. Since there are many objections to measuring risk and managing it quantitatively, the authors take some common-sense approaches to understanding these arguments and dispatching them. The risk management stack provides a foundational argument for building risk management programs and better aligning risk analysis activities with better management of security and risk programs overall. An in-depth discussion of how to express quantitative risk values as measures of annual risk and as single-event ...
