Sybex Question Help - What is risk?

Nabsh07

I have a Sybex question and need some help

Q) What is risk?

A) Any Potential Occurrence that could cause undesirable or unwanted outcome
The likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset.

I think both A and B are correct, but A is more general so I choose A. However the correct answer according to the book is B. Can anyone help me understand why is B and not A.

dhay13

to me A is more of a threat where B is the risk. if you look at it A is asking for an event and B is asking for the likelihood of the event. i don't think either are very good definitions but if given only that info that would be my answer

dinhtq

Q) What is risk?

A) Any Potential Occurrence that could cause undesirable or unwanted outcome
The likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset.

Follow me :
A : Threat
B : Risk

Jinuyr

The definition for Risk can be found in Chapter 2. I found the statement after the definition to help in identifying it against other terms. "It is an assessment of probability, possibility, or chance. The more likely it is that a threat event will occur, the greater the risk. Every instance of exposure is a risk."

Stewart , James M.; Chapple, Mike; Gibson, Darril (2015-09-11). CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (Kindle Location 2715). Wiley. Kindle Edition.

TechGuru80

Risk is literally the probability of a threat exploiting a vulnerability.

Nabsh07

Thank you everyone