Acronym study
Terms 541–570 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 541
Risk is the possibility that an event or action will negatively affect an organization's ability to achieve its goals, often measured in terms of likelihood and impact.
Term 542
Risk acceptance is a risk management strategy where an organization acknowledges a potential risk but decides to tolerate it without taking active measures to reduce or eliminate it.
Term 543
Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives, defining the boundaries for decision-making.
Term 544
Risk assessment is the process of identifying, analyzing, and evaluating potential threats to an organization's assets to determine the likelihood and impact of those threats, and to decide on appropriate treatment measures.
Term 545
Risk avoidance is a risk management strategy that involves eliminating any activity, process, or technology that introduces a specific risk, rather than trying to reduce or accept it.
Term 546
Risk management is the process of identifying, assessing, and controlling threats to an organization's capital, earnings, and operations, including IT systems and data.
Term 547
Risk mitigation is the process of reducing the likelihood or impact of a potential security threat to an acceptable level through specific controls and actions.
Term 548
A risk register is a formal document that lists and tracks all identified risks to an IT project, system, or organization, including their assessed impact, probability, and planned responses.
Term 549
A risk score is a numerical value that represents the level of risk associated with a given asset, threat, or vulnerability in a security context.
Term 550
Risk tolerance is the amount of risk an organization or individual is willing to accept in pursuit of its objectives, defining the boundary between acceptable and unacceptable losses.
Term 551
Risk transfer is the practice of shifting the financial burden of a potential loss to another party, typically through insurance or contracts.
Term 552
Risk treatment is the process of selecting and implementing measures to modify risk, which can include avoiding, accepting, mitigating, or transferring the risk.
Term 553
Risk-based access is a security model that dynamically adjusts access permissions based on the assessed risk of each access request, rather than granting a static level of access to all users.
Term 554
A Rogue Access Point is an unauthorized wireless access point connected to a network without the network administrator's permission, creating a serious security vulnerability.
Term 555
A role is a named set of permissions that can be assigned to users or groups to control access to resources in an IT environment.
Term 556
Role assignment is the process of granting a specific set of permissions to a user, group, or service principal so they can perform certain actions within a system.
Term 557
Root cause analysis is a systematic process used to identify the fundamental underlying cause of a problem, rather than just treating its symptoms.
Term 558
The root user is the superuser on Linux and Unix-like systems with unrestricted permissions to execute any command and access any file on the system.
Term 559
A rootkit is a type of malware that hides its presence and the presence of other malicious software on a computer, often by modifying the operating system itself.
Term 560
Route 53 is Amazon Web Services’ cloud-based Domain Name System (DNS) web service that translates human-readable domain names into IP addresses and routes end-user requests to internet applications.
Term 561
A route table is a set of rules, called routes, that determine where network traffic from a subnet or virtual network is directed.
Term 562
Recovery Point Objective (RPO) is the maximum acceptable amount of data loss measured in time, defining how recent data must be to resume operations after a disruption.
Term 563
Recovery Time Objective (RTO) is the maximum acceptable time to restore a system or data after a disaster, defining how quickly normal operations must resume.
Term 564
A runbook is a documented set of step-by-step procedures that IT teams use to handle routine operations, incidents, and maintenance tasks consistently and efficiently.
Term 565
Safe Attachments is a Microsoft Defender for Office 365 feature that opens email attachments in a virtual sandbox to detect and block malicious content before it reaches your inbox.
Term 566
Safe Links is a Microsoft Defender for Office 365 feature that scans URLs in emails and documents in real time to protect users from malicious websites.
Term 567
A safeguard is a control, measure, or action designed to protect an organization's assets from threats, vulnerabilities, and risks.
Term 568
Sandbox analysis is a security technique where suspicious files or code are executed in an isolated, controlled environment to observe their behavior without risking harm to the live network.
Term 569
Static Application Security Testing (SAST) is a white-box method of analyzing source code, bytecode, or compiled binaries for security vulnerabilities without executing the program.
Term 570
A flexible pricing model from cloud providers that gives you discounted rates on compute usage in exchange for a commitment to a consistent amount of spending over a one- or three-year term.