Risk

Get Certified Get Ahead

The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

See the following for more information:

FIPS 200 under RISK.

NIST SP 1800-25B under Risk from FIPS 200.

NIST SP 1800-26B under Risk from FIPS 200.

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of:

(i) the adverse impacts that would arise if the circumstance or event occurs; and

(ii) the likelihood of occurrence. See Information System-Related Security Risk.

See NIST SP 800-30 Rev. 1 under Risk from CNSSI 4009 for more information.

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of:

(i) the adverse impacts that would arise if the circumstance or event occurs; and

(ii) the likelihood of occurrence. [Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. Adverse impacts to the Nation include, for example, compromises to information systems that support critical infrastructure applications or are paramount to government continuity of operations as defined by the Department of Homeland Security.]

See the following for more information:

NIST SP 800-137 under Risk from FIPS 200 – Adapted

NIST SP 800-53A Rev. 4 under Risk from CNSSI 4009

NIST SP 800-37 Rev. 1 [Superseded] under Risk from FIPS 200 – Adapted

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of:

(i) the adverse impacts that would arise if the circumstance or event occurs; and

(ii) the likelihood of occurrence.

See the following for more information:

NIST SP 1800-11B from NIST SP 800-30 Rev. 1

NIST SP 1800-21B under Risk from NIST SP 800-30 Rev. 1

NISTIR 7621 Rev. 1 under Risk from NIST SP 800-53 Rev. 4

NIST Cybersecurity Framework Version 1.1 under Risk

NIST Privacy Framework Version 1.0 under Risk from NIST SP 800-30 Rev. 1

NISTIR 8323 under Risk from NIST SP 800-37 Rev. 2

NIST SP 800-171 Rev. 1 [Superseded] from FIPS 200 – Adapted

Effect of uncertainty on objectives. Note: Risk can be positive or negative, where positive risk may also be referred to as an opportunity.

See NIST SP 800-160 Vol. 1 from ISO Guide 73 for more information.
