Security is one of the key concerns in Information Technology systems. Maintaining the confidentiality, integrity and availability of such systems mandates a rigorous prior analysis of the security risks that confront them. To analyze, mitigate and recover from these risks, a metrics-based methodology is essential for devising response strategies. In addition, the enterprise objectives must be integrated as a focal point in the definition, impact calculation and prioritization stages of this analysis, so that the results are useful to both the technical and managerial communities within the organization. This book outlines an attack-tree-based information security risk evaluation method named TEOREM (Tree based Enterprise Objectives Risk Evaluation Method). TEOREM aims to integrate the enterprise objectives with the information asset vulnerability analysis within an organization.