Fandom

The IT Law Wiki

Risk analysis

32,198pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definitions Edit

Risk analysis is

[t]he process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. [It is p]art of risk management and synonymous with risk assessment.[1]
[a]n analysis of threats and loss potential for an ADP facility leading to an estimate of annual loss and selection of remedial measures.[2]
[t]he evaluation of risks and risk interactions to assess the range of possible project outcomes. The determination of which risk events warrant response.[3]
[a] method by which individual vulnerabilities are compared to perceived or actual security threat scenarios in order to determine the likelihood of compromise of critical information.[4]

Risk analysis is the "systematic examination of the components and characteristics of risk."[5]

Overview Edit

"In practice, risk analysis is generally conducted to produce a risk assessment. Risk analysis can also involve aggregation of the results of risk assessments to produce a valuation of risks for the purpose of informing decisions. In addition, risk analysis can be done on proposed alternative risk management strategies to determine the likely impact of the strategies on the overall risk."[6]

References Edit

  1. NIST Special Publication 800-33, at 21.
  2. NIST, FIPS 31.
  3. California Office of Systems Integration, Definitions (full-text).
  4. Glossary of Security Terms, Definitions, and Acronyms, at 209.
  5. DHS Risk Lexicon, at 27.
  6. Id.

Also on Fandom

Random Wiki