The IT Law Wiki
The IT Law Wiki

Definitions[]

Exposure is

  1. a measure of the potential risk to an IT system from both external and internal threats.
  2. "[a] type of threat action whereby sensitive data is directly released to an unauthorized entity.[1]
  3. "[a] form of possible loss or harm, such as erroneous recordkeeping, unmaintainable applications, or business interruptions that affect the profitability of the going concern.[2]
  4. "[t]he condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.[3]

References[]

  1. IETF Network Working Group, Internet Security Glossary, Ver. 2 (RFC 4949) (Aug. 2007) (full-text).
  2. Auditing and Financial Management: Glossary of EDP Terminology, at 7.
  3. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).

See also[]