In an IT security context, it is the process of determining the actual likelihood or risk that an organization’s security will be breached, and what kind of material or immaterial losses will potentially result from such a security breach. Immaterial losses typically describe hard-to-measure losses such as loss of reputation. An example for such a loss would be a successful attack on a bank or financial institution in which data privacy was violated. The risk is typically expressed as a financial risk and used to budget for investments in IT security technology, personnel, and processes; it is similar to insuring against a natural disaster or a theft.
See Also: Risk.