Risk is commonly expressed as a function of the
A.
Systems vulnerabilities and the cost to mitigate.
B.
Types of countermeasures needed and the system’s vulnerabilities.
C.
Likelihood that the harm will occur and its potential impact.
D.
Computer system-related assets and their costs.
Explanation:
The likelihood of a threat agent taking advantage of a vulnerability. A risk is the loss
potential, or probability, that a threat will exploit a vulnerability. – Shon Harris All-in-one CISSP
Certification Guide pg 937