Risk Criteria

Definition

  1. “Terms of reference against which the significance of a risk is evaluated, such as organizational objectives, internal/external context, and mandatory requirements (e.g., standards, laws, policies).” [1]

Discussion

Risk criteria generally include definitions of impact and likelihood. Impact is the severity of the consequence of an event; likelihood is the probability of that event occurring. The two are usually combined in a risk matrix, which assigns each likelihood/impact pair a rating, and that rating is what a risk's significance is judged against.

<img src="/assets/standard-risk-matrix.jpg" alt="Standard risk matrix" style="max-width: 400px;" />
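
As an added worked example (not code from this page or from any of its references), the following Python models one organisation's risk criteria and evaluates a small register against them. The likelihood and impact scales, the matrix cells, the risk-appetite threshold, the tag-based policy floors and the sample risks are all hypothetical; they illustrate the three parts of the NIST definition above: objectives (the appetite), context (the scales and matrix) and mandatory requirements (the policy floors).

```python
from dataclasses import dataclass, field
from enum import IntEnum


# Hypothetical ordinal scales. The integer values only give an ordering;
# they are labels, not measurements.
class Likelihood(IntEnum):
    RARE = 1
    UNLIKELY = 2
    POSSIBLE = 3
    LIKELY = 4
    ALMOST_CERTAIN = 5


class Impact(IntEnum):
    NEGLIGIBLE = 1
    MINOR = 2
    MODERATE = 3
    MAJOR = 4
    SEVERE = 5


RATING_ORDER = ["low", "medium", "high", "critical"]

# Hypothetical 5x5 risk matrix: one row per likelihood, one column per impact
# (column index = Impact value - 1). Each cell is assigned by hand rather than
# computed as likelihood * impact, because the scales are ordinal.
RISK_MATRIX = {
    Likelihood.RARE:           ["low",    "low",    "low",    "medium",   "medium"],
    Likelihood.UNLIKELY:       ["low",    "low",    "medium", "medium",   "high"],
    Likelihood.POSSIBLE:       ["low",    "medium", "medium", "high",     "high"],
    Likelihood.LIKELY:         ["medium", "medium", "high",   "high",     "critical"],
    Likelihood.ALMOST_CERTAIN: ["medium", "high",   "high",   "critical", "critical"],
}

# Hypothetical mandatory requirements: a risk carrying one of these tags can
# never be rated below the floor, whatever the matrix says (e.g. a policy that
# any risk to personal data must be treated).
MANDATORY_FLOORS = {"pii": "high", "safety": "critical"}

# What the organisation does at each rating (hypothetical).
ACTION_BY_RATING = {
    "low": "accept",
    "medium": "monitor",
    "high": "treat",
    "critical": "escalate",
}


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: Likelihood
    impact: Impact
    tags: frozenset = field(default_factory=frozenset)


def rate(risk: Risk, floors: dict = MANDATORY_FLOORS) -> str:
    """Look the risk up in the matrix, then raise it to any applicable policy floor."""
    rating = RISK_MATRIX[risk.likelihood][risk.impact - 1]
    for tag in risk.tags:
        floor = floors.get(tag)
        if floor and RATING_ORDER.index(floor) > RATING_ORDER.index(rating):
            rating = floor
    return rating


def evaluate(risk: Risk, appetite: str = "medium") -> dict:
    """Compare the rating against the organisation's appetite (the highest rating it will accept)."""
    rating = rate(risk)
    return {
        "risk": risk.name,
        "rating": rating,
        "action": ACTION_BY_RATING[rating],
        "acceptable": RATING_ORDER.index(rating) <= RATING_ORDER.index(appetite),
    }


def sample_register() -> list:
    """Constructed sample risks (hypothetical, for illustration only)."""
    return [
        Risk("Phishing leads to credential theft", Likelihood.LIKELY, Impact.MODERATE),
        Risk("Encrypted laptop lost in transit", Likelihood.POSSIBLE, Impact.MINOR),
        Risk("Unencrypted PII backup in third-party bucket",
             Likelihood.UNLIKELY, Impact.MODERATE, frozenset({"pii"})),
    ]


def evaluate_register(risks: list, appetite: str = "medium") -> list:
    return [evaluate(r, appetite) for r in risks]


if __name__ == "__main__":
    for row in evaluate_register(sample_register()):
        print(f"{row['risk']:<48} {row['rating']:<9} {row['action']:<9} acceptable={row['acceptable']}")
```

The matrix is written out cell by cell instead of multiplying the two scores: the scales are ordinal, so a product such as 2 x 3 and 3 x 2 landing on the same number says nothing about whether the organisation really regards those two situations as equally serious. The policy-floor lookup is how the "mandatory requirements" part of the definition enters: in the sample register the PII backup sits in a "medium" cell but is rated "high" and must be treated, regardless of the matrix.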

References

  1. NIST definition of risk criteria.
  2. University of Cambridge’s System Safety Assessment (SSA) page on risk criteria.
  3. MIT Professor Nancy Leveson’s lecture slides on improving the risk matrix.