CIS RAM is an interesting method at many levels. It conforms and supplements standards like ISO 27005, NIST Special Publications 800–30, or RISK IT. It also bridges two different risk analysis methods: the well known method found is U.S. regulations and InfoSec standards: Risk = impact + likelyhood, and the less known “Calculus of Negligence” or “Learned Hand Rule” and as such incorporates principles and practices from Duty of Care Risk Analysis.