RORI is a cost-sensitive metric that can be used in automated tools for the selection of security countermeasures against cyber attacks. It combines both stateteless and stateful evaluation of events, as well as a multidimensional geometrical model, in order to guide attack graph-based tools to rank and select security countermeasures against complex cyber attacks. It may also be used for evaluating the impact of such attacks and the selected countermeasures on a given system.