A process whereby cost-effective security/control measures may be selected by balancing the costs of various security/control measures against the losses that would be expected if these measures were not in place.
Risk Assessment
Commonly accepted as the process of defining deficiencies or "gaps" in your current security program.
Related Terms: GAP Analysis
Risk Management
The process of assessing risk, taking steps to reduce the risk to an acceptable level and maintaining that level of risk.