
risk analysis

Definition(s):

  Process to comprehend the nature of risk and to determine the level of risk.
Source(s):
NIST SP 800-160 Vol. 1 from ISO Guide 73
NIST SP 800-160 Vol. 2 from ISO Guide 73

  Overall process of risk identification, risk analysis, and risk evaluation.
Source(s):
NIST SP 800-160 Vol. 1 under risk assessment from ISO Guide 73
NIST SP 800-160 Vol. 2 under risk assessment from ISO Guide 73

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.
Source(s):
NIST SP 800-171 Rev. 2 under risk assessment from NIST SP 800-30
NIST SP 800-37 Rev. 2 under risk assessment
NIST SP 800-53 Rev. 5 under risk assessment from NIST SP 800-39
NIST SP 800-172 under risk assessment from NIST SP 800-30 Rev. 1
NIST SP 800-171 Rev. 1 [Superseded] under risk assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
CNSSI 4009-2015 under risk assessment from NIST SP 800-39

  The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.
Source(s):
NIST SP 1800-21C under Risk Analysis
NIST SP 800-33 [Withdrawn]

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.
Source(s):
NIST SP 800-160 Vol. 2 under risk assessment from NIST SP 800-39 - Adapted

  Risk management includes threat and vulnerability analyses as well as analyses of adverse effects on individuals arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53 Rev. 5 under risk assessment from NISTIR 8062 - Adapted

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses and analyses of privacy problems arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53B under risk assessment from NIST SP 800-39

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.
Source(s):
NIST SP 1800-11B under risk assessment from NIST SP 800-30 Rev. 1

  The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is part of risk management.
Source(s):
NISTIR 4734 under Risk Analysis

  The process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.
Source(s):
NIST SP 800-27 Rev. A [Withdrawn]

  See risk analysis.
Source(s):
NIST SP 800-27 Rev. A [Withdrawn] under risk assessment

  See risk analysis.
Source(s):
NIST SP 800-33 [Withdrawn] under risk assessment