Acceptable Risk - A term used to describe the minimum acceptable risk that an organization is willing to take.
Countermeasure or Safeguards - Controls, processes, procedures, or security systems that help to mitigate potential risk.
Exposure - When an asset is vulnerable to damage or losses from a threat.
Exposure Factor - A value calculated by determining the percentage of loss to a specific asset because of a specific threat.
Residual Risk - The risk that remains after security controls and security countermeasures have been implemented.
Risk Management - The process of reducing risk to assets by identifying and eliminating threats through the deployment of security controls and security countermeasures.
Risk Analysis - The process of identifying the severity of potential risks, identifying vulnerabilities, and assigning a priority to each.This may be done in preparation for the implementation of security countermeasures designed to mitigate high-priority risks.