The level of residual risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT System.
Source: NIST 800-16
A level of residual risk to the organization’s operations, assets, or individuals that falls within the defined risk appetite and risk tolerance by the organization.
Source: NIST 800-16lrl
The level of potential losses that a society or community considers acceptable given existing social, economic, political, cultural, technical and environmental conditions. UNISDR Editor’s Note: In engineering terms, acceptable risk is also used to assess and define the structural and non-structural measures that are needed in order to reduce possible harm to people, property, services and systems to a chosen tolerated level, according to codes or “accepted practice” which are based on known probabilities of hazards and other factors.