- a measure of the potential risk to an IT system from both external and internal threats.
- "[a] type of threat action whereby sensitive data is directly released to an unauthorized entity.
- "[a] form of possible loss or harm, such as erroneous recordkeeping, unmaintainable applications, or business interruptions that affect the profitability of the going concern.
- "[t]he condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
- ↑ IETF Network Working Group, Internet Security Glossary, Ver. 2 (RFC 4949) (Aug. 2007) (full-text).
- ↑ Auditing and Financial Management: Glossary of EDP Terminology, at 7.
- ↑ NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).