The business dictionary defines risk assessment as:
"The identification, evaluation, and estimation of the levels of risks involved in a situation, their comparison against benchmarks or standards, and determination of an acceptable level of risk."
In other words, risk assessments are about discovering everything that could potentially go wrong in a particular situation, such as the specific setup and configuration of a system. Once the flaws or vulnerabilities of that system are known, the possibility of something going wrong and the potential impact of the occurrence can be determined. Given that explanation, let’s look at a definition of risk. The authors of the book Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions (Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, and Stephen Hilt) give the most complete description of risk I have encountered:
“Risk is the likelihood that a threat source will cause a threat event, by means...