Cybersecurity Risk analysis and frameworks can be confusing and daunting.  This topic is pretty big, so I think, that for this Podcast diary entry for today, I will introduce a bit of risk analysis approaches. Share a little about qualitative, quantitative and hybrid approaches, types of modeling ideas for quantitative analysis, and share two examples of why this can get confusing. Again, this is all based on my current understanding of learning and experience which is bound to grow and develop over time with the possibility that this information could change and become more in-depth and accurate. Also bearing in mind that, standards, policies and procedures, as well as, people, processes and technologies change and adapt over time. Material observed in the podcast: BSI (Bundesamt für Sicherheit in der Informationstechnik) 2021 documentation  ISO31000  Book - Hubbard & Seiersen 2016, How to measure anything in Cybersecurity Risk.