1. In the qualitative evaluation stage, the security threats are analyzed and evaluated mainly based on experience and professional knowledge, and the evaluation results are expressed in the form of probability, which is divided into three levels: low, medium and high.
2. In the quantitative evaluation stage, mainly based on the mathematical model, defining the risk indicators, establishing the mathematical model, collecting data, calculating the risk probability and evaluating the risk level usually require the support of professionals and certain technologies and tools.