The risk equation is composed of three components: threat, vulnerability, and cost.

Risk = Threat x Vulnerability x Cost

In brief, Cost is the damage measured in currency, as experienced in the loss of hardware or software. The cost also includes consulting hours or quantifiable staff time spent in remediating the damages caused. While cost is a key factor in the risk formula, it falls outside the scope of this book. Please refer to sites such as http://www.isaca.org for further information on risk and risk management.

The Threat component of the risk equation is measured in frequency or rate. For example, the threat of a user deleting a file will be greatly reduced if a user only has read permission on the file. By the same token, ...