None of the above

Both A and B

To implement security controls to optimize protection

To determine an appropriate budget for security

A threat to organizational operations

A vulnerability in the system

An item of value to the achievement of organizational mission/business objectives

A security control measure

A safeguard for information systems

A circumstance or event that benefits the organization

A weakness in the system

Any event with the potential to impact organizational operations negatively

The magnitude of potential threat events

The measure of how much damage a threat can do

The level of force a threat agent can apply against an asset

The frequency of threat events

A safeguard for the system

A weakness that could be exploited by a threat source

The magnitude of harm from unauthorized disclosure

The frequency of threat agents acting against an asset

To analyze how information is handled to ensure privacy compliance

To estimate the cost of security breaches

To implement security controls

To determine the likelihood of a threat event

The frequency of privacy breaches

The extent to which staff understands information privacy importance

The level of security controls in place

The magnitude of harm from unauthorized disclosure