Quick Tips

  • A vulnerability is the absence of a safeguard (in other words, it is a weakness) that can be exploited.

  • A threat is the possibility that someone or something would exploit a vulnerability, intentionally or accidentally, and cause harm to an asset.

  • A risk is the probability of a threat agent exploiting a vulnerability and the loss potential from that action.

  • Reducing vulnerabilities and/or threats reduces risk.

  • An exposure is an instance of being exposed to losses from a threat.

  • A countermeasure, also called a safeguard, mitigates the risk.

  • A countermeasure can be an application, software configuration, hardware, or procedure.

  • If someone is practicing due care, they are acting responsibly and will have a lower probability of being found negligent ...

Get CISSP Certification All-in-One Exam Guide, Fourth Edition, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.