Abstract
This article focuses on risks to information technology (IT) systems. Technically speaking, risk to an IT system is a function of the likelihood that some threat will attack, or exploit, some vulnerability in the system and a calculation of the potential impact resulting from these attacks or exploitations.