What's in a Word?

Before we continue with the discussion on calculating risk, a word about words.

At this point in the evolution of operational risk models there is little agreement in the community on the formal terms to be used. On the prior page we saw the use of the term "Criticality". Other risk models use terms such as "Impact", "Significance" and "Importance" for the same concept. "Probability" is interchangeable with "Likelihood".

There is no intention on this site to force the use of any single word or term to represent a risk function. Feel free to interchange the words, as this site does, with any other term with which you are comfortable. That's the beauty of operational risk. The risk functions are rules; they work no matter what you call them.

Note: the one term you should be careful with is "Threat", for it is often confused with "Vulnerability".