| Adversary |
Individuals or groups with the aim of carrying out inimical activities |
| Threat |
Any event or situation with the potential of adversely affecting information system sources |
| Risk |
Measure of probability loss resulting from an attack |
| Attack |
Threat carried out by an adversary to collect, disrupt, or damage information system sources |
| Vulnerability |
Any weakness spot within information system resources that can be exploited by an adversary |
| Security policy |
Set of guidelines to maintain the security provisions of an information system resource |
| Assets |
Entity to be protected from attacks and includes hardware, software, data, and networks |
| Countermeasures |
Approaches to mitigate or prevent attacks to secure assets |
