IS-related risk

The probability that a particular threat agent will exploit, or trigger, a particular information system vulnerability and the resulting mission/business impact if this should occur. ISrelated risks arise from legal liability or mission/business loss due to (1) unauthorized (malicious, nonmalicious, or accidental) disclosure, modification, or destruction of information; (2) nonmalicious errors and omissions; (3) IS disruptions due to natural or manmade disasters; (4) failure to exercise due care and diligence in the implementation and operation of the IS.