A Risk Analysis is a structured study of the existing and anticipated threats and vulnerabilities facing an information infrastructure. A hazard appears at the point where a threat and a vulnerability intersect. Without an understanding of both the software and hardware weaknesses, it is impossible to mitigate the danger. Without a comprehensive review of threats, vulnerabilities and information assets, taking corrective action is likewise impossible.
Its Relevance: Performing a comprehensive review of the danger faced by an information infrastructure is vital; otherwise an organization is behaving in an irresponsible and negligent manner. Infrastructure owners might very well find themselves facing what a security company, White Wolf, calls "down stream liability". An organization failing to outline its security posture may be failing to comply with its own fiduciary responsibilities.