This document discusses risk analysis and management principles. It defines key terms like threat, vulnerability, risk, and safeguards. It explains how to calculate risk by multiplying threat by vulnerability. It also provides examples of how to calculate annualized loss expectancy and total cost of ownership for safeguards. Finally, it discusses how to determine return on investment and choose between risk acceptance, mitigation, transfer, or avoidance options.