Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
Assessing the probability or likelihood of various types of event/incident with their predicted impacts or consequences, should they occur, is a common way to assess and measure IT risks. Alternative methods of measuring IT risk typically involve assessing other contributory factors such as the threats, vulnerabilities, exposures, and asset values.
IT risk: the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization. It is measured in terms of a combination of the probability of occurrence of an event and its consequence.
The Committee on National Security Systems of the United States of America defined risk in different documents:
From CNSS Instruction No. 4009, dated 26 April 2010, the basic and more technically focused definition:
Risk – Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.
National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 1000 introduces a probability aspect, quite similar to that of NIST SP 800-30:
Risk – A combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact.
National Information Assurance Training and Education Center defines risk in the IT field as:
The loss potential that exists as the result of threat-vulnerability pairs.
The course aims to provide the tools for approaching the analysis and management of technological and natural risks in a well-founded, scientific manner, with particular attention
This course offers students the opportunity to acquire the methods and tools needed for modern risk management from an engineering perspective. It focuses on actors, resources and objectives, while en
The course presents the global challenge of health. It addresses the challenges posed by biomedical innovation and by infectious and neuropsychiatric diseases. The interdisciplinary approach integrates the SHS e
In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative "intentional" event (i.e. hacking: an individual cracker or a criminal organization) or an "accidental" negative event (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
Factor Analysis of Information Risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other. It is primarily concerned with establishing accurate probabilities for the frequency and magnitude of data loss events. It is not a methodology for performing an enterprise (or individual) risk assessment. FAIR is also a risk management framework developed by Jack A. Jones, and it can help organizations understand, analyze, and measure information risk according to .
In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware (e.g. servers and switches), software (e.g. mission critical applications and support systems) and confidential information. Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization.
Security system designers favor worst-case security metrics, such as those derived from differential privacy (DP), due to the strong guarantees they provide. On the downside, these guarantees result in a high penalty on the system's performance. In this pa ...
This thesis is inscribed in the recent efforts to reconnect urban planning and public health. It focused on the context of sub-Saharan African cities, for they offer invaluable lessons regarding environmental health determinants and potential solutions to ...
Cardiovascular (CV) risk factors for rheumatoid arthritis (RA) are conventionally classified as 'traditional' and 'novel'. We argue that this classification is obsolete and potentially counterproductive. Further, we discuss problems with the common practic ...