Threat
Definition
A potential cause of an unwanted incident that could harm an asset. Threats may be natural (flood, fire), environmental (power failure), human accidental (misconfiguration), or human deliberate (ransomware, insider theft). A threat alone does not constitute risk; it must be paired with a vulnerability and a potential impact.
Related terms
- Vulnerability
  - A weakness in an asset or in a control protecting that asset, which a threat could exploit to cause harm. Examples: an...
- Asset inventory (asset register)
  - A structured record listing every information asset in scope, together with its owner, custodian, physical or logical location, classification level, criticality rating,...
- Asset owner
  - The person or role accountable for ensuring an asset is appropriately classified, protected, and reviewed. The owner is typically a business manager...
- Availability
  - The property that systems and data are accessible to authorised users when needed. Protected by redundancy, backup, failover, and incident response capabilities....
- Classification tier
  - A label assigned to an asset or data type indicating its sensitivity and the handling rules that apply. Common tiers are Public,...
- Confidentiality
  - The property that information is not disclosed to unauthorised individuals, processes, or devices. Protected by access controls, encryption, and need-to-know policies. Breached...
- Information asset
  - Anything that has value to the organisation by virtue of the information it contains or the information function it performs. Includes data,...
- Integrity
  - The property that information is accurate, complete, and has not been modified without authorisation. Protected by cryptographic hashing, digital signatures, and change...
- Non-repudiation
  - The property that a party cannot deny having performed an action. Provided by digital signatures, timestamped audit logs, and certified delivery receipts....
Explained in these topics
- The CIA Triad and Security Fundamentals
  - Any potential event, actor, or circumstance that could cause harm to an information asset. Examples include ransomware groups, insider misuse, power failures,...
- Risk Identification and Asset Classification
  - A potential cause of an unwanted incident that could harm an asset. Threats may be natural (flood, fire), environmental (power failure), human accidental (misc...