IT-related risk

The net mission/business impact considering the probability that a particular threat source will exploit, or trigger, a particular information system vulnerability, and the resulting impact if this should occur. ITrelated risks arise from legal liability or mission/business loss due to, but not limited to, (1) unauthorized (malicious, nonmalicious, or accidental) disclosure, modification, or destruction of information; (2) nonmalicious errors and omissions; (3) IT disruptions due to normal or manmade disasters; (4) failure to exercise due care and diligence in the implementation and operation of the IT.