Risk

CNSSI 4009

Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.

FIPS 200

The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

NIST SP 800-16

The probability that a particular security threat will exploit a system vulnerability.

NIST SP 800-18r1

The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. (NIST SP 800-30)

NIST SP 800-26

Risk is the possibility of harm or loss to any software, information, hardware, administrative, physical, communications, or personnel resource within an automated information system or activity.

NIST SP 800-27rA

Within this document, synonymous with "IT-related risk."

NIST SP 800-28v2

A measure of the likelihood and the consequence of events or acts that could cause a system compromise, including the unauthorized disclosure, destruction, removal, modification, or interruption of system assets.

NIST SP 800-30

Within this document, synonymous with IT-Related Risk.

NIST SP 800-32

An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

NIST SP 800-33

Within this document, synonymous with "IT-related risk."

NIST SP 800-37

The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. (NIST SP 800-30)

NIST SP 800-40

The probability that a particular threat will exploit a particular vulnerability.

NIST SP 800-47

The net mission impact considering the probability that a particular threat will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and the resulting impact if this should occur.

NIST SP 800-53AdF

The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200, Adapted]

NIST SP 800-53r1

The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

NIST SP 800-53r2

The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. (FIPS 200)

NIST SP 800-61

The probability that one or more adverse events will occur.

NIST SP 800-61r1

The probability that one or more adverse events will occur.

NIST SP 800-66

The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the probability of that threat occurring. (NIST SP 800-30)