Citations

Existing Citations

  • authenticity (p. B-2): The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. (†721)
  • qualitative risk assessment (s.v. "qualitative assessment", p. B-8): Use of a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels. (†722)
  • quantitative risk assessment (s.v. "quantitative assessment", p. B-8): Use of a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment. (†723)
  • risk (p. B-9): A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. (†720)
  • risk assessment (p. B-9): The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. (†719)
  • risk management (p. B-10): The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, and includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time. (†725)
  • threat (p. B-13): Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. (†726)
  • vulnerability (p. B-13): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (†727)