Question 105
Main Page
Which of the following best defines "threat" in the context of risk management?
A. An unpatched vulnerability
B. An external compliance obligation
C. A potential event that could exploit a vulnerability and cause harm
D. An outdated control procedure
Answer: C. A potential event that could exploit a vulnerability and cause harm
A threat is the cause of an unwanted incident, which can exploit a vulnerability to harm assets or disrupt operations.