IT risk

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Wingfamily (talk | contribs) at 22:55, 22 February 2008 (Created page with 'IT Risk is a relatively new discipline that has evolved from Information Security due to an increasing awareness that IT Security is simply one facet of a multitude...'). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

IT Risk is a relatively new discipline that has evolved from Information Security due to an increasing awareness that IT Security is simply one facet of a multitude of risks that are relevant to Information Technology and the real world processes it supports.

Three definitions of IT Risk are presented below: two because they come from highly influential standardization organizations, and the third because it is concise and practical for risk assessments.

ISO definition

IT Risk: The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization. It is measured in terms of a combination of the probability of an event and its consequence. [ISO/IEC 13335-1:2005]

NIST definition

IT-Related Risk: The net mission impact considering (1) the probability that a particular threat-source will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission loss due to—

  1. Unauthorized (malicious or accidental) disclosure, modification, or destruction of information
  2. Unintentional errors and omissions
  3. IT disruptions due to natural or man-made disasters
  4. Failure to exercise due care and diligence in the implementation and operation of the IT system. [NIST 800-53 rev2]

FAIR definition

Risk = The probable frequency and probable magnitude of future loss.
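Both the ISO definition (probability of an event combined with its consequence) and the FAIR definition (probable frequency and probable magnitude of loss) treat risk as a distribution rather than a single number. The following Monte Carlo simulation is an added example, not part of the original article or of the FAIR standard itself: it takes an analyst's (min, most likely, max) estimates for loss-event frequency and per-event loss magnitude, which are constructed values for a hypothetical scenario, and produces the expected annual loss and the loss percentiles a risk register would record.

```python
import math
import random
import statistics

def sample_poisson(rng, lam):
    """Draw an event count for one year given an expected rate lam (Knuth's method)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def simulate_annual_losses(freq, magnitude, years=10_000, seed=1):
    """Monte Carlo over 'years' simulated years.

    freq and magnitude are (min, most likely, max) triples: the analyst's calibrated
    range for loss-event frequency (events per year) and per-event loss magnitude.
    Each year draws a rate from the frequency range, then a Poisson event count at
    that rate, then one magnitude per event; the yearly total is that year's loss.
    """
    rng = random.Random(seed)
    f_lo, f_mode, f_hi = freq
    m_lo, m_mode, m_hi = magnitude
    losses = []
    for _ in range(years):
        rate = rng.triangular(f_lo, f_hi, f_mode)
        events = sample_poisson(rng, rate)
        losses.append(sum(rng.triangular(m_lo, m_hi, m_mode) for _ in range(events)))
    return losses

def summarize(losses):
    """Reduce the simulated distribution to the figures a risk register records."""
    deciles = statistics.quantiles(losses, n=10)  # nine cut points: 10th .. 90th
    return {
        "expected_annual_loss": statistics.fmean(losses),
        "median": deciles[4],
        "p90": deciles[8],
        "p_any_loss": sum(1 for x in losses if x > 0) / len(losses),
    }

if __name__ == "__main__":
    # Constructed estimates for a hypothetical scenario (e.g. loss of a customer database):
    # 0.1-2 loss events per year (most likely 0.5), each costing 10k-400k (most likely 50k).
    result = summarize(simulate_annual_losses((0.1, 0.5, 2.0), (10_000, 50_000, 400_000)))
    for key, value in result.items():
        print(f"{key}: {value:,.2f}")
```

The expected annual loss approximates the product of the mean frequency and the mean magnitude, while the 90th percentile shows the tail that a single-number "probability times impact" score hides.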
