# Term:Risk

## CNSSI 4009

Risk - Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.

## DoDI 8100.03

Risk - A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact. E2.1.31.

## DoDI 8551.01

Risk - A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact (reference (f)). E2.1.15.

## DSS Glossary

Risk - Measure of the potential degree to which protected information is subject to loss through adversary exploitation.

## GAO-09-232G

Risk - The level of impact on entity operations (including mission, functions, image, or reputation), entity assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

## NIST FIPS 200

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

## NIST IR 7298

Risk - The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. SOURCE: SP 800-53; FIPS 200

## NIST IR 7328 Draft

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200, Adapted]

## NIST SP 800-16

Risk - The probability that a particular security threat will exploit a system vulnerability.

## NIST SP 800-18r1

Risk - The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [NIST SP 800-30]

## NIST SP 800-26

Risk - Risk is the possibility of harm or loss to any software, information, hardware, administrative, physical, communications, or personnel resource within an automated information system or activity.

## NIST SP 800-27rA

Risk - Within this document, synonymous with "IT-related risk."

## NIST SP 800-28v2

Risk - A measure of the likelihood and the consequence of events or acts that could cause a system compromise, including the unauthorized disclosure, destruction, removal, modification, or interruption of system assets.

## NIST SP 800-30

Risk - Within this document, synonymous with IT-Related Risk.

## NIST SP 800-32

Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

## NIST SP 800-33

Risk - Within this document, synonymous with "IT-related risk."

## NIST SP 800-37r1 Draft

Risk - A measure of the extent to which an entity is threatened by a potential circumstance or event and typically a function of the likelihood of the circumstance or event occurring and of the resulting adverse impacts. [NIST SP 800-30, Revision 1]

## NIST SP 800-37

Risk - The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [NIST SP 800-30]

## NIST SP 800-39 Draft 2

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation or use of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200 Adapted]

## NIST SP 800-40

Risk - The probability that a particular threat will exploit a particular vulnerability.

## NIST SP 800-47

Risk - The net mission impact considering the probability that a particular threat will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and the resulting impact if this should occur.

## NIST SP 800-53A

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200, Adapted]

## NIST SP 800-53r1

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

## NIST SP 800-53r2

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200]

## NIST SP 800-53r3

Risk - A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.

- Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. [FIPS 200, Adapted]

## NIST SP 800-60r1V1

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200, Adapted]

## NIST SP 800-60r1V2

Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [FIPS 200, Adapted]

## NIST SP 800-61r1

Risk - The probability that one or more adverse events will occur.

## NIST SP 800-61

Risk - The probability that one or more adverse events will occur.

## NIST SP 800-66

Risk - The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the probability of that threat occurring. [NIST SP 800-30]

## NIST SP 800-79-1

Risk - The level of potential impact on an organization operations (including mission, functions, image, or reputation), organization assets, or individuals of a threat or a given likelihood of that threat occurring.

## NIST SP 800-82 Final Draft

Risk - The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring. [NIST SP 800-30, Risk Management Guide for Information Technology Systems, July 2002.]

## NSTISSI 1000

Risk - A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact.
