May 31, 2006

Essential Terminology

  • Threat – An action or event that might prejudice security. A threat is a potential violation of security.
  • Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
  • Target of Evaluation – An IT system, product, or component that is identified as requiring, or is subjected to, security evaluation.
  • Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.
  • Exploit – A defined way to breach the security of an IT system through a vulnerability.

