Multiplying the values assigned to each of the three factors — threat, consequence, and vulnerability — provides quantification of total risk.
This quantification helps prioritize which protective measures should be adopted, given limited resources, to achieve a desired level of protection.