Risk is
A) A quantified measure of the potential damage caused by a specified threat
B) Capabilities, intentions and attack methods of adversaries to cause harm to assets
C) Resource or information that is to be protected
D) Weaknesses in an information system that can lead to a compromise of an asset

Question

Quizplus · Accepted Answer

Risk is the quantified measure of the potential damage caused by a specified threat. It is the likelihood or probability of a security threat occurring and the impact or consequence of that threat if it does occur. Risk assessment involves identifying, analyzing, and evaluating potential risks to an organization's assets, and then taking steps to manage or mitigate those risks.

B, C, and D are all related to security threats and vulnerabilities but do not provide a specific definition of risk. B describes the capabilities and intentions of adversaries, C refers to the resources or information that needs protection, and D defines weaknesses in an information system.

Risk Is