Thursday, July 18, 2019

Risk

Risk is the likelihood that something bad will happen. For a risk to exist in a particular environment, we need both a threat and a vulnerability that the specific threat can exploit. For example, if we have a structure that is made from wood and we set it on fire, we have both a threat (the fire) and a vulnerability that matches it (the wood structure). In this case, we most definitely have a risk. Likewise, if we have the same threat of fire, but our structure is made of concrete, we no longer have a credible risk, because our threat does not have a vulnerability to exploit. We can argue that a sufficiently hot flame could damage the concrete, but this is a much less likely event.

We will often have similar discussions regarding potential risk in computing environments, and potential, but unlikely, attacks that could happen. In such cases, the best strategy is to spend our time mitigating the most likely attacks. If we sink our resources into trying to plan for every possible attack, however unlikely, we will spread ourselves thin and will be lacking in protection where we actually need it the most.
