# Risk Terminology

Backlink: [[Domain 1 - Index]]

**Definition:** Common terms describing uncertainty and potential loss that drive consistent risk discussions.

## Key Facts

- Asset: item of value (data, systems, reputation).
- Threat: potential cause of an unwanted incident.
- Vulnerability: weakness exploitable by threats.
- Likelihood vs. Impact: chance vs. magnitude.
- Exposure Factor (EF), SLE, ARO, ALE for quantification.
- Inherent vs. Residual risk distinctions.
- **Verify:** check official (ISC)² CBK and current exam outline.

>[!tip] **Exam Relevance**
> - Interpreting risk statements and calculations
> - Mapping controls to reduce likelihood vs. impact

>[!note] **Mnemonic**
> - “A Threat Values L/I.”

### Example

Q: If inherent risk is high but residual is low, what worked?

A: Effective controls.

## Revision Checklist

- [ ] Define threat vs. vulnerability
- [ ] Calculate SLE and ALE
- [ ] Differentiate inherent vs. residual
- [ ] Assign risk vs. control ownership

## Related

[[Quantitative Risk Assessment]] · [[Qualitative Risk Assessment]] · [[Risk Management Process]] · [[Risk Response Strategies]] · [[Security Control Types]]

#cisSP #domain-1 #concept