measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of:
- the adverse impacts that would arise if the circumstance or event occurs and
- the likelihood of occurrence.
System-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or systems. Such risks reflect the potential adverse impacts to organizational operations, organizational assets, individuals, other organizations, and the Nation.
Source: FIPS 200 (adapted)