Which term refers to the level of risk identified before any measures have been applied to mitigate it?

The term that refers to the level of risk identified before any measures have been applied to mitigate it is inherent risk. Inherent risk represents the natural level of risk associated with an activity or business process in the absence of any controls or mitigations. It helps organizations understand the potential vulnerabilities and threats they might face before implementing security or risk management strategies.

Understanding inherent risk is crucial for developing a risk management framework, as it establishes a baseline from which organizations can assess the effectiveness of their mitigation strategies. By assessing inherent risk, organizations can prioritize their risk management efforts and allocate resources effectively to areas that may require enhanced protections.