IT risk



Information technology risk (also IT risk or IT-related risk) is a risk related to information technology. The term is relatively new and reflects an increasing awareness that information security is simply one facet of a multitude of risks that are relevant to IT and the real-world processes it supports.

Three definitions of IT risk are:

ISO definition

IT risk: the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization. It is measured in terms of a combination of the probability of an event and its consequence. [ISO/IEC 13335-1:2005] [Definition of IT Risk, http://www.opensecurityarchitecture.org/cms/foundations/definitions/it-risk]

NIST definition

IT-related risk: The net mission impact considering (1) the probability that a particular threat-source will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission loss due to—

1. Unauthorized (malicious or accidental) disclosure, modification, or destruction of information
2. Unintentional errors and omissions
3. IT disruptions due to natural or man-made disasters
4. Failure to exercise due care and diligence in the implementation and operation of the IT system.

[Risk Management Guide for Information Technology Systems, http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf, from NIST 800-53 rev2]

FAIR definition

IT risk is the probable frequency and probable magnitude of future loss. [FAIR: Factor Analysis for Information Risks, http://www.riskmanagementinsight.com/media/docs/FAIR_introduction.pdf]



Wikimedia Foundation. 2010.
