The three risk factors used to identify risk exposures are:

The three risk factors used to identify risk exposures are types of risk (what risks exist), probability of occurrence (how likely they are to happen), and loss potential (the potential impact or cost if the risk materializes). These factors form the basis for effective risk assessments and prioritization in security management.

ASIS Certified Protection Professional (CPP®) References:

Risk Management Process: The CPP manual emphasizes identifying types of risk, assessing likelihood, and evaluating potential losses as foundational elements of risk analysis (Chapter 5).

Risk Prioritization and Mitigation: CPP resources provide methods for quantifying these factors to develop actionable mitigation strategies.