Anything that can harm your data is a threat.

  • A vulnerability is anything that allows a threat to be made.
  • A safeguard, or countermeasure, is anything that lessens the threat.
  • Residual risks are the acceptable risks that exist after all countermeasures have been applied.