12/08/2007

CISSP Terms and Definitions



Some definitions of Risk Management and Security Management that you need to know for the CISSP exam:

Value of information
Cost to acquire + value to owners + what others are willing to pay

Asset
Something of value (resource, product, data)

Probability or Exposure
The chance or likelihood that an event (threat) will occur

Risk
The potential for harm or loss.
Total risk = asset value * vulnerabilities * threats

Safeguard (Control or Countermeasure)
A risk-reducing measure (reducing both impact and likelihood); it must allow for auditability and accountability.

Safeguard Effectiveness (%)
How effectively a safeguard mitigates a vulnerability.

Threat
An unfortunate event with an undesirable impact on the well-being of an asset.

Uncertainty (%)
Typically measured inversely with respect to confidence.

Exposure
An instance of being exposed to losses from a specific threat.

Vulnerability
The absence or weakness of a safeguard (the potential to allow a threat).
