Common Risk Definitions
Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Impact Level
The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
Inherent Risk
Portion of risk present before security measures are applied.
Integrity
Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.
Likelihood of Occurrence
The probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities.
Residual Risk
Portion of risk remaining after security measures have been applied.
Risk Appetite
The amount of risk an organization is willing to accept.
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.
Threat Event Assessment
Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat.
Contact NU ITS Security
Need assistance or have questions related to IT Security? Email the NU ITS Security team at security@nebraska.edu for support.