The IT Law Wiki

Acceptable level of risk


Definitions

General

An acceptable level of risk is

the level of risk that is tolerable in a given situation. It is determined from: an analysis of threats and vulnerabilities, the sensitivity of data and applications, a cost/benefit analysis, and a study of the technical and operational feasibility of available controls.

Military

An acceptable level of risk is

[a]n authority's determination of the level of potential harm to an operation, program, or activity due to the loss of information that the authority is willing to accept.[1]

or

a judicious and carefully considered assessment by the appropriate Designated Approving Authority (DAA) that an automatic data processing (ADP) activity or network meets the minimum requirements of applicable security directives. The assessment should take into account the value of ADP assets, threats and vulnerabilities, countermeasures and their efficiency in compensating for vulnerabilities, and operational requirements.[2]

References

  1. Secretary of the Air Force, Operations Security (OPSEC) (Air Force Instruction 10-701), at 36 (June 8, 2011).
  2. OPNAVINST 5239.1A; Draft Comprehensive Information Assurance Dictionary 6 (1995).
