Risk
The likelihood and impact of a threat exploiting a vulnerability against an asset.
Risk is the intersection of a threat, a vulnerability it can exploit, and an asset of value — informally, Likelihood × Impact. Quantitative analysis puts dollars on it: SLE (single loss expectancy) = asset value × exposure factor, and ALE (annualized loss expectancy) = SLE × ARO (annual rate of occurrence), which justifies control spending. Once measured, every risk is treated one of four ways: mitigate, transfer, avoid, or accept.