IT-related risk is
|| the net mission/business impact considering
- the likelihood that a particular threat source will exploit, or trigger, a particular information system vulnerability, and
- the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to:
- Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information.
- Non-malicious errors and omissions.
- IT disruptions due to natural or man-made disasters.
- Failure to exercise due care and diligence in the implementation and operation of the IT.
- ↑ NIST Special Publication 800-27A, at A-2.
Community content is available under CC-BY-SA
unless otherwise noted.