PRA is a mathematical procedure for assessing actual and potential risks in order to assist decision making. Risks are normally defined in terms of scenarios, likelihood, and consequences. Analysis of foreseeable scenarios assists in identifying possible adverse events; the risks of these events are first calculated as the product of their probability and then prioritized in order of severity. The article presents three main objections to the use of PRA for security decision making: (1) There is uncertainty as to whether the inherent “rationality” of PRA might effectively help in predicting human “irrationality” in security matters; (2) There is a degree of misunderstanding between those who write about security and those who live it; and (3) Those who have formulated problems and doubts concerning the probabilistic aspects of PRA have not been offered the full spectrum of possible tools. Notes, references