In this context, the term "risk" will be used to refer to the danger of a deviation from the user's objectives. Potential objectives are the criteria of "Multilateral Security" (M ller & Rannenberg, 1999) which are based on the underlying evaluation criteria ITSEC (UK ITSEC) and Common Criteria (CC). The necessity to consider further criteria of functional and economic efficiency is discussed in Reichenbach (2001), introducing a catalog of 79 detailed criteria. An advantage of this definition is also the taking into account of qualitative, non-quantifiable aspects, such as the right to informational self-determination. That means the user's right to release data in a self-determined way or in other words to avoid data, wherever possible.
The risks associated with a transaction have to be assessed with regard to the user's requirements. Hence this risk should be seen as a subjective and situation-dependent dimension. After all, the risks users become aware of are denoted "remaining risks."