Of the following, which is NOT a risk assessment system?
A.
Aggregated Countermeasures Effectiveness (ACE) Model
B.
Information Security Protection Assessment Model (ISPAM)
C.
Dollar-based OPSEC Risk Analysis (DORA)
D.
Analysis of Networked Systems Security Risks (ANSSR)