It isn’t uncommon to hear the two terms ‘calculated’ and ‘risk’ combined as ‘calculated risk’. To be honest, I have heard the term in a number of instances but never researched an official definition. According to the Cambridge business department, a calculated risk is a risk taken because the reward of successful implementation outweighs the impact of failing (Cambridge, 2011). Furthermore, Serbian professors Božo Nikolić and Ljiljana Ružić-Dimitrijević offer the calculation:
R = P * F * H * N
as the true definition of a calculated risk (it’s calculated because there is mathematics involved) (2009). (P) is possibility, (F) is exposure to hazard, (H) is possible harm, and (N) is the number of people exposed. What this calculation gives an analyst is an actual rating of the risk involved with a given risk or opportunity.
In discussions of vulnerabilities, exploits, and threats, the term risk is often intermingled with the definitions of each of these terms. It is easy to see how one can determine the true ‘value’ of the risks related to any system deficiencies.
Whether one uses the final risk calculation or not, investigating each of the factors of risk can bring to light elements, issues, concerns and gaps that might otherwise go unrealized.
Cambridge University Press. (2011). Calculated risk. Cambridge Dictionary Online. Retrieved from http://dictionary.cambridge.org/dictionary/business-english/calculated-risk
Nikolić, B., & Ružić-Dimitrijević, L. (2009). Risk assessment of information technology systems. The Higher Education Technical School of Professional Studies. Retrieved from http://iisit.org/Vol6/IISITv6p595-615Nikolic673.pdf