a) In terms of software risk,an event is any situation or happening or real/virtual object that causes risk which is an expectation of loss or a potential problem that may or may not occur in the future. a threat according to information security is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm. So,when a threat is in action it becomes an event .( security breach event). b)Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization. Here the information resources are called the assets. According to Information security,an asset is any data, device, or other component of the environment that supports information-related activities. Assets generally include hardware, software and confidential information.Assets should be protected from illicit access, use, disclosure, alteration, destruction, and/or theft, resulting in loss to the organization. The goal of information security is to ensure the confidentiality, integrity and availability of assets from various threats. For example, a hacker might attack a system in order to steal credit card numbers by exploiting a vulnerability. If the assests are under risk ,the organization may be driven towards losses in terms of its business objective ( say information of customers , information regarding customer money and transactions which affects customer loyalty , damage to infrastructure whether software or hardware etc).So an asset is not only monetary. We can broadly classify assets in the following categories: 1. Information assets Every piece of information about your organization falls in this category. This information has been collected, classified, organized and stored in various forms. Example : Databases: Information about your customers, personnel, production, sales, marketing, finances. This information is critical for your business. It\'s confidentiality, integrity and availability is of utmost importance. Data files: Transactional data giving up-to-date information about each event. Operational and support procedures: These have been developed over the years and provide detailed instructions on how to perform various activities. Archived information: Old information that may be required to be maintained by law. Continuity plans, fallback arrangements: These would be developed to overcome any disaster and maintain the continuity of business. Absence of these will lead to ad-hoc decisions in a crisis. 2. Software assets These can be divided into two categories: a) Application software: Application software implements business rules of the organization. Creation of application software is a time consuming task. Integrity of application software is very important. Any flaw in t.