□ [ISO/IEC 27002:2000]

Assessment of threats to, impacts on and vulnerabilities of information and information processing facilities and the likelihood of their occurrence.

对信息和信息处理设施的危害、影响和薄弱点及三者发生的可能性的评估。

□ [ISO Guide 73:2002]

Overall process of risk analysis and risk evaluation.

风险分析和风险评价的整个过程。