Fireworks,

I’ll put it here and leave it like this for now, don’t forget (well, I really should have, remember):

Risk is a factor that reflects the possible damage to an organization as a result of an information security threat: information leakage and its misuse (the risk ultimately reflects probable financial losses - direct or indirect), exploitation of vulnerabilities that affected the IT infrastructure and led to a cyber incident, compromise of the IT infrastructure, regulatory, reputational, and legal costs.

Threat is a potential event, action, process or phenomenon that can lead to a violation of the confidentiality, integrity, availability, reliability of information, as well as its unlawful replication. It is also an operational risk that affects the violation of one (or several) properties of information - integrity, confidentiality, availability, reliability of protected objects. Also the possibility of implementing unauthorized actions in relation to the information system.

#term #paper