<Li> A combination of the likelihood that a threat shall occur, the likelihood that a threat occurrence shall result in an adverse impact, and the severity of the resulting adverse impact . </Li> <Li> the probability that a particular threat will exploit a particular vulnerability of the system . </Li> <P> Many NIST publications define risk in IT context in different publications: FISMApedia term provide a list . Between them: </P> <Ul> <Li> According to NIST SP 800 - 30: <Dl> <Dd> Risk is a function of the likelihood of a given threat - source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization . </Dd> </Dl> </Li> <Li> From NIST FIPS 200 <Dl> <Dd> Risk - The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring . </Dd> </Dl> </Li> </Ul>

What are the primary initiatives implemented as aresult of the usa patriot act