6 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
ere is no shortage of denitions for a security risk assessment (and many
other closely associated names). Many of these denitions are overly complex or
may be specically geared to an industry segment such as the federal government.
For example, the National Institute of Standards and Technology provides two
alternative denitions for the term security risk assessment. One denition, found
in the NIST “Risk Management Guide” (2002), states that security risk assess-
ment is “the process of identifying the risks to system security and determining
the probability of occurrence, the resulting impact, and additional safeguards that
would mitigate this impact.”