Risk Assessment (RA) is the process of identifying threats and vulnerabilities, determining the probability of a threat exploiting a vulnerability, and quantifying or qualifying the loss if exploitation occurs.
Threat is any circumstance or event that has the potential to compromise confidentiality, integrity or availability.
Natural Threats: Floods, Earthquakes, Tornadoes
Human Threats: Unintentional acts, malicious software upload
Environmental Threats: Long-term power failure, Pollution, Chemicals, Liquid leakage
Common Threats To Information Systems
Vulnerability is a weakness. It can be a weakness in the hardware, the software, the configuration, or the users operating the system (Examples: no badge reader at the entrance of the Data Center; laptops and desktops with outdated antivirus software).
Probability: The likelihood that a vulnerability will be exploited, rated High, Low or Moderate.