• Vulnerability – a system, network or device weakness
• Threat – potential danger posed by a vulnerability
• Threat agent – the entity that indentifies a vulnerability
and uses it to attack the victim
• Risk – likelihood of a threat agent taking advantage of
a vulnerability and the corresponding business impact
• Exposure – potential to experience losses from a threat
agent
• Countermeasure – put into place to mitigate the
potential risk