


Measuring IT Risk
To measure IT risk properly, it is useful to introduce some related terms.
Information security event
An identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.
Occurrence of a particular set of circumstances.
The event can be certain or uncertain.
The event can be a single occurrence or a series of occurrences.
Information security incident
It is indicated by a single or a series of unwanted information security events that have a significant probability of compromising business operations and threatening information security.
An event that has been assessed as having an actual or potentially adverse effect on the security or performance of a system.