Suppose P(o|e) = 1. Is this bad? When might this be bad? When might this be not bad? Explain.
What impact does a security policy have on the form of an event tree you create? Refer to the Wikipedia article on Security Policy to jog your memory.
Finally... do some Internet sleuthing to learn about the following two concepts: (i) Reason’s Swiss Cheese Model, and (ii) Defense in Depth. Explain each in terms of its relevance to security risk management.