Idaho State University

Glossary

Risk Assessment
  • A study of the vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. Managers use the results of a risk assessment to develop security requirements and specifications. (AFR 205-16)
  • The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations. (AR 380-380)
  • An identification of a specific ADP facility's assets, the threats to these assets, and the ADP facility's vulnerability to those threats. (DOE 5637.1)
  • An analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events. The purpose of a risk assessment is to determine if countermeasures are adequate to reduce the probability of loss or the impact of loss to an acceptable level. (OPNAVINST 5239.1A)
  • A management tool which provides a systematic approach for determining the relative value and sensitivity of computer installation assets, assessing vulnerabilities, assessing loss expectancy or perceived risk exposure levels, assessing existing protection features and additional protection alternatives or acceptance of risks and documenting management decisions. Decisions for implementing additional protection features are normally based on the existence of a reasonable ratio between cost/benefit of the safeguard and sensitivity/value of the assets to be protected. Risk assessments may vary from an informal review of a small scale microcomputer installation to a more formal and fully documented analysis (i.e., risk analysis) of a large scale computer installation. Risk assessment methodologies may vary from qualitative or quantitative approaches to any combination of these two approaches. (DOE 1360.2A)