Of the following, which is NOT a risk assessment system?

Of the following, which is NOT a risk assessment system?

A.
Aggregated Countermeasures Effectiveness (ACE) Model

B.
Information Security Protection Assessment Model (ISPAM)

C.
Dollar-based OPSEC Risk Analysis (DORA)

D.
Analysis of Networked Systems Security Risks (ANSSR)