IT risk

From Wikipedia, the free encyclopedia

Information technology risk, or IT risk, IT-related risk, is a risk related to information technology. This relatively new term reflects an increasing awareness that information security is simply one facet of a multitude of risks that are relevant to IT and the real-world processes it supports.

Three definitions of IT risk are:

ISO definition

IT risk: the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization. It is measured in terms of a combination of the probability of an event and its consequence.[1][2]

NIST definition

IT-related risk: The net mission impact considering (1) the probability that a particular threat-source will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission loss due to—

  1. Unauthorized (malicious or accidental) disclosure, modification, or destruction of information
  2. Unintentional errors and omissions
  3. IT disruptions due to natural or man-made disasters
  4. Failure to exercise due care and diligence in the implementation and operation of the IT system. [3]

FAIR definition

IT risk is the probable frequency and probable magnitude of future loss.[4]
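The ISO and FAIR definitions above both reduce IT risk to a combination of how often a loss event is expected to occur and how large the resulting loss is. The following Python script is an added worked example, not part of the Wikipedia article and not the official FAIR computational model; it shows how a practitioner turns those two quantities into numbers: a single-point estimate (probability × consequence, in the ISO style) and a Monte Carlo estimate that samples loss-event frequency and loss magnitude from min/most-likely/max ranges to produce an annualized loss expectancy and a loss-exceedance probability. The input ranges and the control-scenario figures are constructed for illustration.

```python
import math
import random


def single_point_risk(probability, consequence):
    """ISO-style point estimate: probability of the event times its consequence.

    probability: chance the event occurs in the period (0..1)
    consequence: loss in currency units if it occurs
    """
    return probability * consequence


def poisson(rng, lam):
    """Draw one Poisson(lam) count with Knuth's algorithm (fine for small lam)."""
    limit = math.exp(-lam)
    k = 0
    p = 1.0
    while True:
        k += 1
        p *= rng.random()
        if p <= limit:
            return k - 1


def simulate_annual_losses(freq, magnitude, years=10000, seed=1):
    """FAIR-style Monte Carlo: sample loss-event frequency and per-event loss.

    freq:      (min, most_likely, max) loss events per year
    magnitude: (min, most_likely, max) loss per event
    Returns a list with one simulated total loss per simulated year.
    The triangular distribution is an assumption chosen for simplicity.
    """
    rng = random.Random(seed)
    losses = []
    for _ in range(years):
        # Expected event rate for this simulated year, then the actual count.
        rate = rng.triangular(freq[0], freq[2], freq[1])
        events = poisson(rng, rate)
        total = 0.0
        for _ in range(events):
            total += rng.triangular(magnitude[0], magnitude[2], magnitude[1])
        losses.append(total)
    return losses


def annualized_loss_expectancy(losses):
    """Mean simulated loss per year (the 'probable magnitude' averaged over years)."""
    return sum(losses) / len(losses)


def loss_exceedance(losses, threshold):
    """Fraction of simulated years whose total loss is at least `threshold`."""
    return sum(1 for loss in losses if loss >= threshold) / len(losses)


def percentile(losses, pct):
    """Simple nearest-rank percentile, e.g. pct=90 for the 90th percentile year."""
    ordered = sorted(losses)
    index = min(len(ordered) - 1, max(0, math.ceil(pct / 100 * len(ordered)) - 1))
    return ordered[index]


if __name__ == "__main__":
    # Constructed scenario: phishing-driven credential theft against a mid-size firm.
    # Frequency: 1 to 6 loss events per year, most likely 3.
    # Magnitude: 5k to 200k per event, most likely 30k.
    freq = (1.0, 3.0, 6.0)
    magnitude = (5_000.0, 30_000.0, 200_000.0)

    print("point estimate (5% chance of a 100k loss):",
          single_point_risk(0.05, 100_000.0))

    losses = simulate_annual_losses(freq, magnitude)
    print("annualized loss expectancy:", round(annualized_loss_expectancy(losses)))
    print("90th percentile year:", round(percentile(losses, 90)))
    print("P(annual loss >= 250k):", round(loss_exceedance(losses, 250_000.0), 3))

    # Constructed comparison: a control that halves the expected event frequency.
    controlled = simulate_annual_losses((0.5, 1.5, 3.0), magnitude)
    print("ALE with control:", round(annualized_loss_expectancy(controlled)))
```

The simulation keeps frequency and magnitude as separate ranges rather than collapsing them into one probability, which is what lets the output answer questions such as "how much would a control that reduces event frequency change the expected loss" and "what loss level is exceeded in one year in ten"; a single point estimate cannot distinguish a frequent small loss from a rare large one.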

References