Towards unambiguous IT risk definition

Abstract

The paper addresses the fundamental methodological problem of risk analysis and control in information technology (IT) -- the definition of risk as a subject of interest. Based on analysis of many risk concepts, we provide a consistent definition that describes the phenomenon. The proposed terminology is sound in terms of system analysis principles and applicable to practical use in risk assessment and control. Implication to risk assessment methods were summarized.