Risk is a quantitative evaluation of the potential damage caused by an attack, a vulnerability, or an event impacting the set of a company's IT assets. A vulnerability (or weakness) is the lack of a safeguard, which a threat may exploit to cause harm to the information systems; specifically, it can be a software flaw that permits an exogenous agent to use a computer system without authorizat…