... "the predicted or projected frequency and magnitude of future loss if a threat exploits an exposed vulnerability to cause an adverse business and/or personal impact" [source: SecAware glossary]
... "a relative term, implying degrees or levels of risk, or absolute value if the frequency and magnitude are calculated credibly, with some precision"
[source: SecAware glossary]
... "a measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of the adverse impacts that would arise if the circumstance or event occurs, and the likelihood of occurrence"
[source: NIST Cybersecurity Framework]
... "any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems" [source: ENISA]
... "effect of uncertainty on objectives ..." [source: ISO Guide 73]
... when threat exploits vulnerability causing impact
... tough to measure, express and control
... the product of probability and impact
... the gap between theory and practice
... the root of pessimism and optimism
... the once-in-a-hundred-years event
... known and unknown unknowns
... needing seatbelts and airbags
... a hair's breadth from disaster
... the possibility of exploitation
... mitigated but not eliminated
... inevitable in the Real World
... what keeps us up at night
... not going entirely to plan
... surprisingly complicated
... rarely good, usually bad
... rarely bad, usually good
... outcome =/= prediction
... looking down the barrel
... necessary to get ahead
... expectation <> reality
... stepping into the dark
... walking the tightrope
... imperfect knowledge
... inherent uncertainty
... exciting (to a point)
... white-water rafting
... being on the brink
... tricky to manage
... adventure sports
... skipping a check
... bungee jumping
... poking the tiger
... about causation
... taking chances
... unseen danger
... chances blown
... what might be
... warning signs
... unanticipated
... best avoided
... a card game
... being brave
... de-masking
... opportunity
... lion taming
... life lessons
... hazardous
... possibility
... ambiguity
... investing
... gambling
... black ice
... no limits
... complex
... dynamic
... thrilling
... thin ice
... relative
... danger
... doubt
... I.C.E.
... luck
... fun!
... life
...
Why stop there?
- Accountability is ...
- Assurance is ...
- Audit is ...
- Authorisation is ...
- Control is ...
- Cyber is ...
- Fragility is ...
- Governance is ...
- Impact is ...
- Information is ...
- ISO27k is ...
- Oversight is ...
- Resilience is ...
- Responsibility is ...
- Security is ...
- System is ...
- Threat is ...
- Trust is ...
- Vulnerability is ...
Prompted? Puzzled? Provoked? What have I missed, misrepresented or misunderstood? What other infosec-related terms are worth defining?
Click the pencil below to have your say.
No comments:
Post a Comment
The floor is yours ...