Term:Acceptable Risk

From FISMApedia

Jump to: navigation, search

NIST SP 800-16

Acceptable Risk - the level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system. (See Total Risk, Residual Risk, and Minimum Level of Protection.)

NIST SP 800-26

Acceptable Risk - Acceptable Risk is a concern that is acceptable to responsible management, due to the cost and magnitude of implementing controls.

Retrieved from "http://fismapedia.org/index.php?title=Term:Acceptable_Risk"
Personal tools