risk assessment

nounid 3906·updated May 12, 2026

candidate

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

The process of identifying, prioritizing, and estimating risks. This includes determining the extent to which adverse circumstances or events could impact an enterprise. Uses the results of threat and vulnerability assessments to identify risk to organizational operations and evaluates those risks in terms of likelihood of occurrence and impacts if they occur. The product of a risk assessment is a list of estimated potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF).

polysemousMWE

Classifications

per-axis with provenance

Entity Type

Process0%rule-basedmulti_axis_classifier_low_confidence.v1

Sensitivity

Regulated80%llm-generatedllm:claude-haiku-4-5

Information Class

—90%llm-generatedllm:claude-haiku-4-5

Variants

4 surface forms

synonym: assessment of the impact of the envisaged processing operations on the protection of personal data
plural: risk assessments
possessive: risk assessment's
pluralpossessive: risk assessments'

Framework definitions

13 senses across 12 frameworks

SANS Glossary of Security Terms1 senseview framework →

§1: A Risk Assessment is the process by which risks are identified and the impact of those risks determined.

National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Lexicon1 senseview framework →

§1 · extended_definition_available: The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

ISACA Cybersecurity Glossary1 senseview framework →

§1: A process used to identify and evaluate risk and its potential effects Scope Note: Risk assessments are used to identify those items or areas that present the highest risk, vulnerability or exposure to the enterprise for inclusion in the IS annual audit plan. Risk assessments are also used to manage the project delivery and project benefit risk.

FFIEC Cybersecurity Assessment Tool, Baseline, May 20171 senseview framework →

§1: A prioritization of potential business disruptions based on severity and likelihood of occurrence. The risk assessment includes an analysis of threats based on the impact to the institution, its customers, and financial markets, rather than the nature of the threat.

FFIEC IT Examination Handbook - Audit, April 20121 senseview framework →

§1: The purpose of this task is to support the identification, prioritization, and estimation of risks to organizational operations, organizational assets, individuals, other organizations, and the Nation through the operation of an information system and assign a value to assets, threat frequency, and consequences.

NY DFS Part 500 (NYCRR Title 23, Chapter 1, Part 500)1 senseview framework →

§1: The purpose of this task is to support the identification, prioritization, and estimation of risks to organizational operations, organizational assets, individuals, other organizations, and the Nation through the operation of an information system and assign a value to assets, threat frequency, and consequences.

Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook Infobase, Glossary1 senseview framework →

§1: A prioritization of potential business disruptions based on severity and likelihood of occurrence. The risk assessment includes an analysis of threats based on the impact to the institution, its customers, and financial markets, rather than the nature of the threat.

NISTIR 7298: Glossary of Key Information Security Terms, Revision 22 sensesview framework →

§1: The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
§2 · sense_2_pending_review: The process of identifying, prioritizing, and estimating risks. This includes determining the extent to which adverse circumstances or events could impact an enterprise. Uses the results of threat and vulnerability assessments to identify risk to organizational operations and evaluates those risks in terms of likelihood of occurrence and impacts if they occur. The product of a risk assessment is a list of estimated potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF).

CNSSI-4009 (Glossary of Information Assurance Terms)1 senseview framework →

§1: The process of identifying, prioritizing, and estimating risks. This includes determining the extent to which adverse circumstances or events could impact an enterprise. Uses the results of threat and vulnerability assessments to identify risk to organizational operations and evaluates those risks in terms of likelihood of occurrence and impacts if they occur. The product of a risk assessment is a list of estimated potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF).

NIST SP 800-531 senseview framework →

§1: The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.

NIST SP 800-53A1 senseview framework →

§1: The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.

NIST SP 800-371 senseview framework →

§1: The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.

Outgoing relationships

term as subject — 0 triples

No outgoing triples

This term is not the subject of any RDF-style relationship yet.

Incoming relationships

term as object — 1 triple

related: ←risk analysisnoun