Risk Terminology and Elements of Risk

Risk management includes a vast amount of terminology. However, there are 9 main terms that should be clearly understood in order to follow the context.

  1. Asset: An asset is anything that should be protected. It can be a computer file, hardware, software, a process, a product, furniture, a person…
  2. Asset Valuation: The monetary value assigned to an asset. This can include the cost of development, maintenance, repair…
  3. Threats: Any potential occurrence that might cause damage, unwanted alteration, or any other unwanted outcome to an asset.
  4. Vulnerability: A weakness in an asset, a safeguard, or a countermeasure is called a vulnerability.
  5. Exposure: Being susceptible to asset loss or damage because of a threat, through exploitation of a vulnerability that can cause damage to the asset.
  6. Risk: The possibility or chance of a threat exploiting a vulnerability to cause damage to an asset (Risk = threat × vulnerability). Reducing either threat or vulnerability reduces the risk as well.
  7. Safeguards: Any countermeasure or security control that removes or reduces a vulnerability or protects against threats.
  8. Attack: Any attempt to cause damage to assets by exploitation of a vulnerability by a threat agent.
  9. Breach: The occurrence of security measures being bypassed. A breach combined with an attack means a penetration.

