Definition: The word "Risk" (in the context of information security) refers to the convergence of a threat with a vulnerability. All information systems now function in an asymmetric threat environment. Risk can and does come from just about any source. Conditions are likely to be different for every situation and every organization. How the security challenges evolve is directly related to the organization’s infrastructure, reality and settings. Preparing for the unexpected is key to providing assurance.
An individual can study and assess the possible risks that they face by conducting a risk analysis.
Its Relevance: To be prepared, a business or an organization must conduct a threat assessment and a vulnerability assessment to better understand what type of security challenges it faces. Outside forces, such as laws, regulations and standards, can dictate what must be done. All prudent organizations must address how potential challenges to their information resources are to be handled. An infrastructure owner and operator strives to assure their information assets.