A vulnerability is a weakness in a system that allows a threat source to compromise its security.
A threat is any potential danger that is associated with the exploitation of a vulnerability.
The entity that takes advantage of a vulnerability is referred to as a threat agent.
A risk is the likelihood of a threat source exploiting a vulnerability and the corresponding business impact.
An exposure is an instance of being exposed to losses.
A control (also called a countermeasure or safeguard) is put into place to mitigate (reduce) the potential risk.
For the remaining content, see the WeChat official account debugeeker; the link is "CISSP Exam Guide Notes: 1.2 Security Definitions".