A measure of the extent to which an entity is threatened by a potential circumstance or event (such as the exploitation of a vulnerability). System-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or systems. Such risks reflect the potential adverse impacts to organizational operations, organizational assets, individuals, other organizations, and the Nation. Risk is typically expressed as a function of:
- the adverse impacts that would arise if the circumstance or event occurs; and
- the likelihood of occurrence.