on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

NIST SP 800-30 defines:;IT-related risk:
:The net mission impact considering:
:# the probability that a particular threat-source will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and
:#