Risk Assessment is the determination of quantitative or qualitative estimate of risk related to a concrete situation and a recognized threat (also called hazard).

Quantitative risk assessment requires calculations of two components of risk (R):

  • the magnitude of the potential loss (L) (We have also seen the term Impact)
  • the probability (p) that the loss will occur (We have also seen the term Likelihood)

Acceptable risk is a risk that is understood and tolerated usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss.[1] "Health risk assessment" includes variations, such as risk as the type and severity of response, with or without a probabilistic context.

Within the context of Information Security there are two types of risk that companies face:

Of course these may overlap and any given risk may be both a Real Risk and a Regulatory Risk

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 04-May-2016 13:22 by jim