Defining Risk

The simple definition of risk is the probability or likelihood of a threat exploiting a vulnerability and resulting in a loss. A threat is any activity that can be a possible danger. A vulnerability is a weakness, and a loss represents a negative event for an organization. Figure 7-1 shows the basic components of risk.


Figure 7-1 Components of risk

A common formula used to represent risk is:

Risk = Threat * Vulnerability

When a threat and a vulnerability are combined (that is, a threat exploits a vulnerability), the result is a loss. More significant threats or vulnerabilities can easily produce higher losses from the associated risks. In other ...
