Definition: A Risk Analysis is a structured study of the existing and anticipated threats and vulnerabilities that face an information infrastructure. A risk appears at the point where a threat and a vulnerability intersect. Without an understanding of both the software and the hardware weaknesses (the vulnerabilities), it is impossible to mitigate the danger. Without a comprehensive review of threats (usually malicious crackers and hackers), vulnerabilities and information assets, it is likewise impossible to take corrective action.
Its Relevance: Performing a comprehensive review of the danger faced by an information infrastructure is vital; an organization that does not is behaving in an irresponsible and negligent manner. This level of awareness is sometimes referred to as "due diligence". Infrastructure owners might very well find themselves facing what a security company, White Wolf, calls "downstream liability". An organization that fails to outline its security posture may be failing to comply with its own fiduciary responsibilities.