ISO27001 has specific definitions6 for key terms, and these are relevant to those involved in carrying out risk assessments.
Asset: anything that has value to the organization.
Availability: the property of being accessible and usable upon demand by an authorized entity.
Confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities or processes.
Control: means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management or legal nature. Control is also used as a synonym for safeguard or countermeasure.
Information processing facilities: any information processing ...