Acceptable level of risk

An acceptable level of risk is the level of risk that is tolerable in a given situation. It is determined from: an analysis of threats and vulnerabilities, the sensitivity of data and applications, a cost/benefit analysis, and a study of the technical and operational feasibility of available controls.