Risk (Information Security)
A risk is the potential that a given threat will exploit the vulnerabilities of an asset or group of assets, thus causing harm to the organisation (for example a virus deleting a file). It is measured in terms of a combination of the probability of an event and its consequences.
A risk is characterised by two factors: the probability that an incident will occur and the gravity of the potential direct consequences and the indirect impact.
A risk can also depend on time: the situation can become worse after an incident if remedial measures are not taken in time (for instance, a software glitch infecting a database, or spyware retrieving passwords, encrypted codes or PIN numbers). As a result, a seemingly innocent incident can have disastrous consequences.