Risk (Information Security)

Risk (Information Security)

A risk is the potential that a given threat will exploit the vulnerabilities of an asset or group of assets, thus causing harm to the organisation (for example a virus deleting a file). It is measured in terms of a combination of the probability of an event and its consequences.

A risk is characterised by two factors: the probability that an incident will occur and the gravity of the potential direct consequences and the indirect impact.

A risk can also depend on time: the situation can become worse after an incident if remedial measures are not taken in time (for instance a software glitch infecting a database, spyware retrieving passwords, encrypted codes or pin numbers). As a result, an innocent incident can have disastrous consequences.

There is currently no content classified with this term.

Subscribe to RSS - Risk (Information Security)