A report that shows an organization's vulnerabilities and the estimated cost of recovery in the event of damage. It also summarizes defensive measures and associated costs based on the amount of risk the organization is willing to accept (the risk tolerance).
A "risk analysis" is the process of arriving at a risk assessment, also called a "threat and risk assessment." A "threat" is a harmful act such as the deployment of a virus or illegal network penetration. A "risk" is the expectation that a threat may succeed and the potential damage that can occur. See
risk management and
risk mitigation.