what is risk

The formal definition of “risk” is: exposure of someone (or some object) to harm, damage or loss. In Information Assurance, information security and IT, risk has a pseudo-equation that puts a value on the risk:

Risk = ((Vulnerability * Threat) / Countermeasure) * Asset Value at Risk

Risk is the likelihood that a threat will exploit a vulnerability and affect an asset’s value.

what is risk diarmf (courtesy of Lee Gass – sculptor/educator)

So in IT, the question “what is risk?” is answered in terms of a “threat”, a “vulnerability” and an “asset”. If any one of these factors is missing, you cannot define or quantify the risk at all.
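As an added example (not code from the original post), here is a small risk-register calculator that applies the pseudo-equation above and refuses to score an entry when threat, vulnerability or asset value is missing. The field meanings, the sample register values and the assumption that a countermeasure of 1.0 means “no control in place” are mine, not the post’s.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RiskEntry:
    """One row of a risk register. Threat, vulnerability and asset value are
    the three factors the post says must all be present. Countermeasure is
    assumed to be a divisor >= 1.0, where 1.0 means no control is in place
    and larger values mean stronger controls (so it can never be zero)."""
    asset: str
    threat: Optional[float]          # likelihood a threat acts, 0.0 - 1.0
    vulnerability: Optional[float]   # likelihood the threat succeeds, 0.0 - 1.0
    asset_value: Optional[float]     # value at risk, e.g. in dollars
    countermeasure: float = 1.0


def compute_risk(e: RiskEntry) -> Optional[float]:
    """Risk = ((Vulnerability * Threat) / Countermeasure) * Asset Value at Risk.
    Returns None when any of the three required factors is missing: per the
    post, risk cannot be quantified without a threat, a vulnerability and an asset."""
    if e.threat is None or e.vulnerability is None or e.asset_value is None:
        return None
    if e.countermeasure < 1.0:
        raise ValueError("countermeasure must be >= 1.0 (1.0 = no control)")
    return ((e.vulnerability * e.threat) / e.countermeasure) * e.asset_value


def rank_register(entries: List[RiskEntry]) -> List[Tuple[str, Optional[float]]]:
    """Return (asset, risk) pairs, highest risk first; entries that cannot be
    quantified are appended last as (asset, None) so they are not silently dropped."""
    scored = [(e.asset, compute_risk(e)) for e in entries]
    quantified = sorted((s for s in scored if s[1] is not None),
                        key=lambda s: s[1], reverse=True)
    unquantified = [s for s in scored if s[1] is None]
    return quantified + unquantified


# Constructed sample register; the values are illustrative, not from the post.
SAMPLE_REGISTER = [
    RiskEntry("customer-db", threat=0.75, vulnerability=0.5,
              asset_value=1_000_000, countermeasure=4.0),   # well controlled
    RiskEntry("public-website", threat=1.0, vulnerability=0.5,
              asset_value=200_000),                         # no countermeasure
    RiskEntry("legacy-ftp", threat=0.5, vulnerability=None,
              asset_value=50_000),                          # never assessed
]

if __name__ == "__main__":
    for asset, risk in rank_register(SAMPLE_REGISTER):
        print(f"{asset:15s} {'not quantifiable' if risk is None else f'{risk:,.0f}'}")
```

Note that the uncontrolled public website outranks the far more valuable database once the database’s countermeasure is applied, and the FTP server with no vulnerability assessment is reported rather than scored.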
