Identification and explanation of the risk related to IS/IT:
The first risk is the pure risk. It has been leading into loss only. The second one is the speculative risk. Here both gain and loss is possible. The next one is the dynamic risk. Here it turns the scenario or the technology having the influence of both probability of loss and gain. Then there has been the static risk. There has been no alteration in the technology or the environment here. This indicates that there has been only loss here. There has been the subjective risk present. This is associated with the psychological uncertainty (Citebm.business.illinois.edu, 2017). Moreover there is the objective risk. It has been measurable and observable. There has been the particular risk that has been exposed to the loss from particular individual events. Then there might be the fundamental risk taking place. This has been the exposure towards the loss to involve huge team of people from the generic phenomena like the inflation, earthquake and so on. There has been a financial risk also that is the probable loss inherent within the financial methods. Lastly there is the possibility of the non-financial risks. This is the probable loss on the basis of the factors other than the methods of financial lending.
Examining the key risk factors of the Risk Model and relating them to the IS/IT environment:
They first key risk factor is the threat source that has been initiating another risk factor the Threat event. From there the vulnerability is exploited. The vulnerability has been causing the adverse impact. It has been producing the organizational risks (Ross, 2017).
Identification and brief discussion on every key risk factors:
The threat source has comprised of the properties like the Internet, capacity and the targeting by the adverse threats. The threat event has been associated with the sequence of scenarios, activities and the actions. The vulnerability has been with severity in the context of the predisposing conditions with the pervasiveness and effectiveness with security controls. The Adverse impact has been with the risk as the assimilation of the likelihood and the impact (Gobble 2014). Lastly the organizational risk has been associated with the organizational operations including the image, mission functions and the reputations. This also includes the individuals, organizational assets, other organizations and even the country as a whole.
Citebm.business.illinois.edu. (2017). CITEBM-cases. [online] Available at: [Accessed 20 Aug. 2017].
Gobble, M.M., 2014. Charting the innovation ecosystem. Research-Technology Management, 57(4), pp.55-59.
Ross, R. (2017). Guide for Conducting Risk Assessments. [online] NIST. Available at: [Accessed 20 Aug. 2017].