Definition should include the potential for loss, damage, or destruction of an asset resulting from a threat exploiting a vulnerability.
Process/Skill Questions:
- What is a risk?
- Who defines risk-- the stakeholder, government, or the consumer? Is risk objective or subjective?
- How are assets lost, damaged, or destroyed as a direct result of threats?
- What formula is used to determine risk?
- What is essential to understanding risks to assets?