Term
|
Definition
| The probability (likelihood) that a given threat source will exercise a particular vulnerability and the resulting impact should that occur |
|
|
Term
|
Definition
| An event or situation that, if it occurred, would prevent the organization from operating in its normal manner |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Chance something might happen |
|
|
Term
|
Definition
| What a threat will cost (quantitative/qualitative) |
|
|
Term
|
Definition
| Bad actor looking to do harm |
|
|
Term
|
Definition
| Mechanism applied to minimize risk |
|
|
Term
|
Definition
| Remaining risk(s) after all countermeasures/controls have been applied |
|
|
Term
|
Definition
| Process of identifying, estimating, and prioritizing risks to organizational operations, organizational assets, individuals & other organizations, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. |
|
|
Term
|
Definition
| Level of risk or degree of uncertainty that is acceptable to organizations. (Can be influenced by legal or regulatory requirements.) |
|
|
Term
|
Definition
| Process of managing risks to organizational operations, organizational assets, individuals, & other organizations, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security and privacy state of the information system. |
|
|