IT-related risk

IT-related risk definition in Computer Security terms:

Acronym(s): None

Definition(s): The net mission/business impact considering (1) the likelihood that a particular threat source will exploit, or trigger, a particular information system vulnerability and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to:
1. Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information.
2. Non-malicious errors and omissions.
3. IT disruptions due to natural or man-made disasters.
4. Failure to exercise due care and diligence in the implementation and operation of the IT.
Source(s): NIST SP 800-27 Rev. A

The net mission/business impact (probability of occurrence combined with impact) from a particular threat source exploiting, or triggering, a particular information technology vulnerability. IT related-risks arise from legal liability or mission/business loss due to:
1. Unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information.
2. Non-malicious errors and omissions.
3. IT disruptions due to natural or man-made disasters.
4. Failure to exercise due care and diligence in the implementation and operation of the IT.
Source(s): NIST SP 800-33

Synonym(s): None

 

reference: CSRC Glossary