Framework for Quantifying Cyber Security Risks