  • Jennifer Kassar thinks this is interesting:

Risks are the combination of vulnerabilities that may be exploited by threats together with the potential impact on the asset. In information assurance, risks exist when the result of the previous relationship is positive. Risk management refers to the application of a method that consists of policies, procedures, and practices used to identify these risk events. The objective is to identify, analyze, treat, evaluate, and continue to improve the way the organization manages its risk profile. In short, risk management is a means to identify, manage, and control risk.