We've spent a lot of time in the last few chapters talking about threats and vulnerabilities, and their potential to impact our systems and information. How we address these threats is through the application of handling risk.

Risk = Probability x Impact:

• Probability = How likely is it that this vulnerability will be exploited?
• Impact = How much is it going to hurt?