Frequently Asked Questions



A THREAT can be defined as any indication, circumstance, or event with the likelihood to cause loss of, or damage, to an asset. It can also be defined as the a situation when any individual, organization or entity, has the intent, capability and opportunity to cause loss or damage to an asset. Threats cannot always be controlled, only a vulnerability can.



THREAT MANAGEMENT is an integrated approach to security which proactively identifies threats and vulnerabilities, and applies tailored mitigation strategies, designed to reduce or eliminate the level of harm to organization or individual. Successful threat management strategies frequently adjust according to the level of severity a threat poses.


An INSIDER is any individual with authorized access to your facilities, offices, equipment, information, networks, systems and resources. This includes, but is not limited to employees, contractors and third-party vendors.


An INSIDER THREAT exists when an INSIDER utilizes their authorized access, intentionally or maliciously, to do harm to you, your company or organization.


An INSIDER RISK exists when an INSIDER utilizes their authorized access, unintentionally or unknowingly, to do harm to you, your company or organization.


RISK is the potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability (unwanted outcome). Risk is the probability of a threat crossing or touching a vulnerability (probability of loss).


RISK MANAGEMENT is the process of identifying, assessing and controlling risks arising from business or operational factors, and making decisions that balance risk with the cost of business.


RISK ACCEPTANCE is the explicit or implicit decision not to take an action that would affect all or part of a particular risk.



An ASSET is anything of value related to a resource, product, service or contract, of which, the loss, compromise or damage of, may adversely affect an individual, company or organization. An asset can be any person, structure, facility, information, material, or process that has value.




A VULNERABILITY is any weakness that can be exploited by threats to gain unauthorized access to an asset. A vulnerability is also any situation or condition, which if left unchanged or unaddressed, could reasonably be exploited and result in loss or damage.


IMPACT is the degree of loss or damage expected from the successful exploitation of a vulnerability, measured in terms of money, time, lives and operational effectiveness.

A COMPROMISE is the exposure of assets, company sensitive (intellectual and proprietary) information, personally identifiable information (PII), or material to an unauthorized entity.


A COUNTERMEASURE is any action, measure, procedure or device that reduces or eliminates an identified risk.