1.
Ensuring that information is accessible only to those authorized to have access.
2.
Guaranteeing the accuracy and completeness of data.
3.
Ensuring that authorized users have access to information and systems when needed.
4.
Preventing parties from denying their actions or commitments.
5.
Verifying the identity of a user, device, or system.
6.
Granting access to resources based on identity and permissions.
7.
Mechanisms that restrict access to systems and data.
8.
Identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize or control their impact.
9.
A potential cause of an unwanted incident that may result in harm.
10.
A weakness in a system that can be exploited to cause harm.
11.
A method or code that takes advantage of a vulnerability.
12.
The sum of all the points in a system that are exposed to an attacker.
