Some Comments on Risk Analysis

Copyright (c) 1990, 1995 Fred Cohen - All Rights Reserved

The above description leaves a great deal to be desired from the standpoint of performing quantitative analysis. The fundamental problems are determining the probabilities of attacks and the expected damage due to attacks. Neither can be determined from the data available at this time, and for every expert opinion there are several expert counter-opinions. We can still get a handle on the decision-making process by examining the nature of the failure modes and associating less-than-accurate estimates of impact with them. If we determine that a particular failure mode is a recurrent high risk, and if a defense can be found at an affordable cost, it will almost certainly be cost-effective, regardless of the details of the quantitative analysis. Mathematical analyses based on fuzzy sets have been explored as a method for making judgments about protection systems in the face of uncertainty [Maiers85], and this appears to be a promising area for further work.
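The argument above, that a decision can be robust even when the underlying numbers are rough, can be carried through with coarse ranges instead of point estimates. The following Python is an added illustration, not code from the text: each failure mode carries a frequency band and a loss band, a defense is accepted only if its cost falls below the lowest plausible loss reduction, and the sample figures (credential theft, flood, their defenses) are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interval:
    """A coarse [low, high] estimate; both ends are non-negative."""
    low: float
    high: float

    def __mul__(self, other: "Interval") -> "Interval":
        # Endpoint multiplication is exact for non-negative ranges.
        return Interval(self.low * other.low, self.high * other.high)

@dataclass(frozen=True)
class FailureMode:
    name: str
    freq_per_year: Interval      # incidents per year, as a band
    loss_per_incident: Interval  # cost per incident, as a band

    def ale(self) -> Interval:
        """Annualized loss expectancy carried as a range, not a point."""
        return self.freq_per_year * self.loss_per_incident

@dataclass(frozen=True)
class Defense:
    name: str
    annual_cost: float
    effectiveness: Interval  # fraction of loss removed; also uncertain

def is_recurrent_high_risk(mode: FailureMode, ale_threshold: float) -> bool:
    """Recurrent: yearly even at the low end; high risk: low-end ALE over threshold."""
    return mode.freq_per_year.low >= 1.0 and mode.ale().low >= ale_threshold

def verdict(mode: FailureMode, defense: Defense) -> str:
    """Judge against the ends of the ranges only, so precise figures are not needed."""
    reduction = mode.ale() * defense.effectiveness
    if defense.annual_cost <= reduction.low:
        return "cost-effective under every estimate"
    if defense.annual_cost > reduction.high:
        return "not cost-effective under any estimate"
    return "undecidable without better estimates"

# Constructed sample data, not figures from the text.
THEFT = FailureMode("credential theft", Interval(5, 20), Interval(10_000, 100_000))
MFA = Defense("multi-factor auth", 20_000, Interval(0.5, 0.9))
FLOOD = FailureMode("river flood", Interval(0.01, 0.1), Interval(1_000, 20_000))
BARRIER = Defense("flood barrier", 5_000, Interval(0.5, 1.0))
```

Only the third outcome, where the cost sits inside the reduction range, actually needs the better data the text says is unavailable; the other two are settled by the bands alone.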