The simple definition of risk is the probability or likelihood of a threat exploiting a vulnerability and resulting in a loss. A threat is any activity that represents a possible danger. A vulnerability is a weakness, and a loss represents a negative event for an organization. Figure 7-1 shows the basic components of risk.
Figure 7-1 Components of risk
A common formula used to represent risk is:
Risk = Threat * Vulnerability
When a threat and a vulnerability are combined (a threat exploits a vulnerability), the result is a loss. More significant threats or vulnerabilities can easily result in higher losses. In other ...