what is risk

The formal definition of “risk” is: exposure of someone (or some object) to harm, damage or loss. In Information Assurance, information security and IT, a pseudo-equation is used to put a value on the risk.

Risk = ((Vulnerability * Threat) / Countermeasure) * Asset Value at Risk (IT Risk)

Risk is the likelihood that a threat will exploit the vulnerability of an asset's value.

[Image: what is risk diarmf (courtesy of Lee Gass – sculptor/educator)]

So in IT, the answer to the question “what is risk?” is defined in terms of a “threat”, a “vulnerability” and an “asset”. If any one of these factors is missing, you cannot define or quantify the risk at all.
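
The pseudo-equation above applied to a small risk register, as an added example that is not from the original post. The 0 to 1 scales for vulnerability and threat, the countermeasure factor (1.0 meaning no mitigation) and the register entries are assumptions constructed for illustration; an entry missing a threat, vulnerability or asset value is reported as undefined instead of being scored.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RiskEntry:
    name: str
    vulnerability: Optional[float]  # assumed scale: 0..1, None = none identified
    threat: Optional[float]         # assumed scale: 0..1, None = none identified
    countermeasure: float           # assumed scale: 1.0 = no mitigation, higher = stronger
    asset_value: Optional[float]    # value at risk in currency units, None = not valued


def risk_score(e: RiskEntry) -> Optional[float]:
    """Risk = ((Vulnerability * Threat) / Countermeasure) * Asset Value at Risk.

    Returns None when threat, vulnerability or asset is missing, because the
    risk cannot be defined or quantified without all three.
    """
    if e.vulnerability is None or e.threat is None or e.asset_value is None:
        return None
    if e.countermeasure <= 0:
        raise ValueError(f"{e.name}: countermeasure factor must be > 0")
    return (e.vulnerability * e.threat) / e.countermeasure * e.asset_value


def rank(register: List[RiskEntry]) -> Tuple[List[Tuple[str, float]], List[str]]:
    """Return (scored entries sorted highest risk first, names with undefined risk)."""
    scored = [(e.name, risk_score(e)) for e in register]
    defined = sorted(((n, s) for n, s in scored if s is not None),
                     key=lambda item: item[1], reverse=True)
    undefined = [n for n, s in scored if s is None]
    return defined, undefined


# Constructed sample register (not real data).
REGISTER = [
    RiskEntry("build server", 0.25, 0.5, 4.0, 160_000),
    RiskEntry("customer database", 0.5, 0.5, 2.0, 400_000),
    RiskEntry("archived test data", 0.5, None, 1.0, 10_000),  # no threat identified
    RiskEntry("public web server", 0.75, 0.5, 1.0, 80_000),
]

if __name__ == "__main__":
    defined, undefined = rank(REGISTER)
    for name, score in defined:
        print(f"{name:20s} {score:>10.2f}")
    for name in undefined:
        print(f"{name:20s}  undefined (missing threat, vulnerability or asset)")
```

Because the countermeasure is the divisor, doubling it for an entry halves that entry's score while the other three factors stay fixed.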
