To provide guidelines & methodologies for assessing security threats to and security vulnerabilities in a system and for quantifying the associated risks.