
Quantitative Assessments of Cyber Security from the Perspective of Attacks

(Chinese title: 從攻擊角度定量評估資訊系統安全性, literally "Quantitative Assessment of Information-System Security from the Perspective of Attacks")

Advisor: 黃育綸

Abstract


A security assessment mechanism produces an assessment of an information system's security, helps the system administrator understand that security, and serves as a reference for managing the system. Because a system's security depends on many factors, such as system configuration, the security mechanisms in place and the attack techniques currently known, a security assessment cannot consider a single aspect in isolation; it must account for the combined effect of several factors at once. This dissertation approaches the design of security assessment methods, and the results they can provide, from the perspectives of external and internal attacks respectively. For external attacks, we propose a wireless network risk assessment method: it first builds a risk model from the network's security requirements, the attack techniques and the system configuration, and then applies a set of measurement criteria to quantify a risk value. For internal attacks, we propose a quantitative analysis method for software control-flow obfuscation, used to assess how control-flow obfuscation affects software robustness. Starting from the control-flow graph, the method transforms the obfuscated control flow into a regular expression; on top of this regular expression we propose new measurement criteria that compute the protection the control-flow obfuscation provides. Finally, several examples illustrate and validate the feasibility of the proposed methods. We believe these methods give system administrators a more comprehensive security assessment and further assist them in managing the system.

Abstract (English)


Assessing cyber security is a long-standing challenge, since many factors and their mutual effects have to be considered at the same time. Because of this complexity, the assessment should cover multiple aspects. This dissertation presents quantitative assessments from the perspectives of both external and internal attacks. For external attacks, we propose a wireless risk assessment method consisting of a risk model and an assessment measure: the risk model captures the risk of the wireless network, and the assessment measure is an algorithm that determines the risk value from that model. For internal attacks, we introduce a framework for evaluating software robustness under control-flow obfuscating transformations, and on that basis propose new metrics that quantify the protection a control-flow obfuscating transformation provides. Case studies validate the proposed assessment methods. We believe these methods help a system administrator evaluate and manage cyber security more effectively.
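The control-flow-graph-to-regular-expression idea in the abstract, as an added worked example that is not the dissertation's own code: a toy control-flow graph is converted into a regular expression over block names by state elimination, an opaque-predicate style transformation (a bogus block X and a bogus back edge D -> B) is applied, and a stand-in size metric is compared before and after. The two graphs, the block names, the traces and the metric are all constructed for illustration; in particular the metric is an assumption made here, not the dissertation's measurement criteria.

```python
import re

# Toy control-flow graphs, constructed for this example (not from the
# dissertation). Each key is a basic block, each value its successor list.
# Block names are single characters so that the regular expression over
# them can be handed straight to Python's re module.
ORIGINAL_CFG = {
    "A": ["B"],        # entry
    "B": ["C", "D"],   # real conditional branch
    "C": ["E"],
    "D": ["E"],
    "E": [],           # exit
}

# Same program after a control-flow obfuscating transformation: an opaque
# predicate at A adds a bogus block X, and a bogus back edge D -> B adds a
# loop that the real predicate never takes.
OBFUSCATED_CFG = {
    "A": ["B", "X"],
    "X": ["B"],
    "B": ["C", "D"],
    "C": ["E"],
    "D": ["E", "B"],
    "E": [],
}

ENTRY, EXIT = "A", "E"


def _is_group(expr):
    """True if expr is one symbol or a single fully parenthesised group."""
    if len(expr) == 1:
        return True
    if not (expr.startswith("(") and expr.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(expr):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0 and i != len(expr) - 1:
                return False
    return True


def _union(a, b):
    if a is None:
        return b
    if b is None or a == b:
        return a
    return f"({a}|{b})"


def _concat(a, b):
    if a is None or b is None:
        return None
    return a + b            # "" is the empty word, so this also covers epsilon


def _star(a):
    if a is None or a == "":
        return ""
    return (a if _is_group(a) else f"({a})") + "*"


def cfg_to_regex(cfg, entry, exit_):
    """Convert a CFG into a regex over block names by state elimination.

    An edge u -> v is labelled with u, so every accepted word is the sequence
    of blocks executed along one entry-to-exit path of the graph.
    """
    start, end = "<start>", "<end>"
    edges = {(start, entry): ""}
    for u, succs in cfg.items():
        assert len(u) == 1, "block names must be single characters"
        for v in succs:
            edges[(u, v)] = _union(edges.get((u, v)), u)
    edges[(exit_, end)] = _union(edges.get((exit_, end)), exit_)

    for s in list(cfg):                      # eliminate one block at a time
        preds = [p for (p, q) in edges if q == s and p != s]
        succs = [q for (p, q) in edges if p == s and q != s]
        loop = _star(edges.get((s, s)))      # self loop on s, if any
        for p in preds:
            for q in succs:
                via = _concat(_concat(edges[(p, s)], loop), edges[(s, q)])
                edges[(p, q)] = _union(edges.get((p, q)), via)
        edges = {k: v for k, v in edges.items() if s not in k}
    return edges[(start, end)]


def path_metrics(regex):
    """Stand-in size metric (an assumption here, not the dissertation's):
    number of block symbols, alternations and loops in the regex."""
    return {
        "symbols": sum(ch.isalpha() for ch in regex),
        "alternations": regex.count("|"),
        "loops": regex.count("*"),
    }


def accepts(regex, trace):
    """Does the CFG described by regex admit this block trace?"""
    return re.fullmatch(regex, trace) is not None


def compare(original=ORIGINAL_CFG, obfuscated=OBFUSCATED_CFG):
    before = cfg_to_regex(original, ENTRY, EXIT)
    after = cfg_to_regex(obfuscated, ENTRY, EXIT)
    return {"before": before, "after": after,
            "before_metrics": path_metrics(before),
            "after_metrics": path_metrics(after)}


if __name__ == "__main__":
    result = compare()
    for key in ("before", "after"):
        print(key, result[key], result[key + "_metrics"])
```

The point of the `accepts` check is semantic: every real trace of the original program (`ABCE`, `ABDE`) must still be accepted by the obfuscated graph's expression, while the expression has grown in alternations and gained a loop, which is what a protection metric built on the regular expression would measure.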

