Definition: A Risk Analysis is a structured study of the existing and anticipated threats and vulnerabilities facing an information infrastructure. A risk appears at the point where a threat and a vulnerability intersect. Without an understanding of both the software and hardware weaknesses, it is impossible to mitigate the danger (vulnerabilities). Likewise, without a comprehensive review of threats (usually malicious crackers and hackers), vulnerabilities and information assets, it is impossible to take corrective action.
Its Relevance: Performing a comprehensive review of the danger faced by an information infrastructure is vital; otherwise an organization is behaving in an irresponsible and negligent manner. Sometimes this awareness level is referred to as "due diligence". Infrastructure owners might very well find themselves facing what a security company, White Wolf, calls "down stream liability". An organization failing to outline its security posture may be failing to comply with its own fiduciary responsibilities.