The assessment and verification of an organization’s systems and controls by an independent, third-party agency.

A threat is a potential event that could take advantage of your protected asset’s flaws and result in the loss of your security’s confidentiality, integrity, and/or availability (C-I-A). Threats result in non-desirable performance of critical assets. There’s always a potential flaw that could be exposed, and when a threat is identified, think about the way it could affect the pillars of security: integrity, availability, and confidentiality.

The scope of your audit refers to the boundaries for the assessment. It requires organizations to identify the people, locations, policies and procedures, and technologies that interact with, or could otherwise impact, the security of the information being protected.

The process of identifying, assessing, mitigating, and controlling threats to an organization. These threats could stem from financial uncertainty, legal liabilities, management, accidents, or natural disasters.

A process for identifying, analyzing, and mitigating potential risks to an organization’s systems, processes, and procedures.