Vulnerability assessments Definitions

  • A

    Altman Z-score

    The Altman Z-score is a statistic that is useful for evaluating the financial health of a publicly traded manufacturing company. 

  • C

    Center for Internet Security (CIS)

    The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.

  • compliance risk

    Compliance risk is exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.

  • COMSEC (communications security)

    Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic, or to any information that is transmitted or transferred.

  • I

    information assurance

    Information assurance (IA) is the practice of protecting against and managing risk related to the use, storage and transmission of data and information systems.

  • inherent risk

    Inherent risk is a category of threat that describes potential losses or pitfalls that exist before internal security controls or mitigating factors are implemented.

  • internal control

    An internal control is a business practice, policy or procedure that is established within an organization to create value or minimize risk.

  • intrusion detection system (IDS)

    An intrusion detection system (IDS) is a device or software application that alerts an administrator of a security breach, policy violation or other compromise that may adversely affect the administrator's information technology (IT) network. 

  • ISO 27002 (International Organization for Standardization 27002)

    The ISO 27002 standard is a collection of information security guidelines that are intended to help an organization implement, maintain, and improve its information security management.

  • O

    OPSEC (operational security)

    OPSEC (operational security) is an analytical process that identifies assets such as sensitive corporate information or trade secrets, and determines the controls required to protect these assets.

  • P

    pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if it occurs: loss.

  • R

    risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • risk exposure

    Risk exposure is a quantified loss potential of business actions, and is usually calculated based on the probability of the incident occurring multiplied by its potential losses.

  • risk intelligence (RQ)

    Risk intelligence (RQ) is a term used to describe predictions made around uncertainties and future threat probabilities.

  • risk management

    Risk management is a company's process for identifying and controlling threats to its assets, including proprietary corporate data, customers' PII and intellectual property.
