Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...