The security of data and computing systems is important to most businesses. To control and understand their vulnerabilities, companies may perform a risk analysis of its data and systems. Typical risk analysis for data and computing systems, however, is inadequate and may result in vulnerabilities being overlooked.