Definition: A threat against an information infrastructure can originate from any source. It's a hazard that puts mission critical information at risk.
Included as dangers to maintaining security would be any condition, individual, Act of God or nature, crackers, cyber-criminals or cyber-terrorists that could result in the damage or destruction of an organization's information system. Hardware failures, power failures, software or software application failures as well as honest mistakes must also be considered risks and can cause significant problems that put the information assurance process at serious risk
Its Relevance: An organization must conduct a well thought-out and realistic survey of the potential risks facing an organization. This activity must be given a high priority from the highest level of management. The organization is otherwise unprepared to cope with an onset of attempts to intrude upon the organization's information system for the purpose of doing harm.