Extent to which an organization and/or stakeholder is subject to a risk.
Source(s):
NIST SP 800-161r1
from
ISO Guide 73 - adapted
The combination of likelihood and impact levels for a risk.
Source(s):
NISTIR 8286