Risk management involves a vast amount of terminology. However, there are 9 main terms that should be clearly understood in order to follow the context.
- Asset: An asset is anything that should be protected. It can be a computer file, hardware, software, a process, a product, furniture, a person…
- Asset Valuation: The monetary value assigned to an asset. This can include the cost of development, maintenance, repair…
- Threats: Any potential occurrence that might cause damage, unwanted alteration or any unwanted outcome to an asset.
- Vulnerability: A weakness in an asset, or in a safeguard or countermeasure.
- Exposure: Being susceptible to asset loss or damage because of a threat. Exploitation of a vulnerability that can cause damage to the asset.
- Risk: The possibility or chance of a threat exploiting a vulnerability to cause damage to an asset (Risk = threat × vulnerability). Reducing either the threat or the vulnerability reduces the risk as well.
- Safeguards: Any countermeasure or security control that removes or reduces a vulnerability or protects from threats.
- Attack: Any attempt by a threat agent to cause damage to assets by exploiting a vulnerability.
- Breach: The occurrence of security measures being bypassed. A breach combined with an attack means a penetration.