The author proposed one methodology as an example of how risk can be understood and rated fairly easily.
However, there are other methodologies, would you use the proposed methodology at your organization and explain why in comparison to other methodologies