Security risk assessment

Definition
A security risk assessment consists of

"[p]rocess and associated techniques to identify: (i) threats to the operations, information, systems, assets, and individuals of the organization; (ii) vulnerabilities associated with the operations, information, systems, assets, and individuals associated with the organization; (iii) consequences/impact to the mission/business should a threat successfully exploit a vulnerability; and (iv) the likelihood that a specific vulnerability will be exploited and a threat will be realized."