Sign In
Register
The IT Law Wiki
Explore
Main Page
All Pages
Community
Interactive Maps
Random page
TopContent
Most Visited Pages
Radio frequency spectrum
Cybercrime
Global positioning system
Information quality
RFID tag
Cloud computing
Fair Information Practice Principles
Newly Changed Pages
Search engine marketing
Internet traffic management
Reputation management
Online identity management
Online reputation
Generative AI pornography
NMS
Most Popular Pages
community
Community portal
forum
Sign In
Don't have an account?
Register
Sign In
Menu
Explore
More
History
Advertisement
Skip to content
The IT Law Wiki
34,539
pages
Explore
Main Page
All Pages
Community
Interactive Maps
Random page
TopContent
Most Visited Pages
Radio frequency spectrum
Cybercrime
Global positioning system
Information quality
RFID tag
Cloud computing
Fair Information Practice Principles
Newly Changed Pages
Search engine marketing
Internet traffic management
Reputation management
Online identity management
Online reputation
Generative AI pornography
NMS
Most Popular Pages
community
Community portal
forum
in:
Security
,
Definition
,
Military
Acceptable level of risk
Sign in to edit
History
Purge
Talk (0)
Contents
1
Definitions
1.1
General
1.2
Military
2
References
3
See also
Definitions
[
]
General
[
]
An
acceptable level of risk
is
“
the level of
risk
that is tolerable in a given situation. It is determined from: an analysis of
threats
and
vulnerabilities
, the
sensitivity
of
data
and
applications
, a
cost/benefit analysis
, and a study of the technical and operational
feasibility
of available controls.
”
Military
[
]
An
acceptable level of risk
is
“
[a]n authority's determination of the level of potential harm to an operation, program, or activity due to the loss of
information
that the authority is willing to accept.
[
1
]
”
“
a judicious and carefully considered
assessment
by the appropriate
Designated Approving Authority
(
DAA
) that an
automatic data processing
(
ADP
) activity or
network
meets the minimum requirements of applicable
security
directives. The
assessment
should take into account the value of
ADP
assets
,
threats
and
vulnerabilities
,
countermeasures
and their
efficiency
in compensating for
vulnerabilities
, and operational requirements.
[
2
]
”
References
[
]
↑
Secretary of the Air Force, Operations Security (OPSEC) (Air Force Instruction 10-701), at 36 (June 8, 2011) (
full-text
).
↑
OPNAVINST 5239.1A; Draft Comprehensive Information Assurance Dictionary 6 (1995) (
full-text
).
See also
[
]
Acceptable risk
Risk
Advertisement