Glossary

Acceptable risk is the level of risk a company is willing to tolerate based on the likelihood of exploitation, the value of the asset or data, and the strength of existing security controls. Acceptable risk thresholds are often tradeoffs. For example, a company may be willing to tolerate greater risk of data leakage if it’s too costly to implement additional security measures and the data at risk poses little harm to the organization if exposed.