Predictive models for estimating the occurrence of cyber attacks are desperately needed to counteract the growing threat of cyber terrorism. Unfortunately, except to a limited degree, there is no genuine database of attacks, vulnerabilities, consequences, and risks to employ for model development and validation. However, it is still useful to provide definitions, equations, plots, and analyses to answer the “what if” questions concerning potentials attacks. We do this by reasoning about the elements of predictive models and their relationships, which are needed to mirror objects and events in the real world of cyberspace. The application of these models is to provide the user with a vehicle for testing hypotheses about how to respond to a cyber attack before it occurs, using risk, vulnerabilities, time between attacks, and intrusion (number and duration) concepts.