ABSTRACT
Risk is the possible outcome that may cause a negative impact on an organization, impeding its ability to accomplish its mission or goals. A negative impact can be as simple as the theft of materials or as complex as a scheme involving industrial espionage. There is a difference between risk assessment and managing risk; risk assessments are conducted by security professionals, and risk is managed by senior management. It is the job of the security professional to evaluate all potential risks.
