NIST Framework 2014 (†413) Framework for Improving Critical Infrastructure Cybersecurity - v. 1.0 (National Institute of Technology, 2014).
- risk (p. 38): A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. (†508)
- risk management (p. 5): Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance. (†507)