Home > Tooltips > English > Risk

Risk

Risk – effect of uncertainty on objectives. An effect is a deviation from the expected — positive or negative.

Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

Risk is often characterized by reference to potential events and consequences, or a combination of these.

Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.

In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.

Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.

ISO 27000 2.68