12.07.2015 Views

Enabling Enterprise Resilience through Security Automation ...


Term Definitions

■ NIST IR 7622
  – ICT Supply Chain Risk
    ■ Risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. (NIST SP 800-53 Rev 3: FIPS 200, adapted)
  – ICT Supply Chain Risk Management
    ■ The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of ICT product and service supply chains.
■ CNSS Instruction 4009
  – Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event and is typically a function of 1) the adverse impacts that would arise if that circumstance or event occurs, and 2) the likelihood of its occurrence
  – Vulnerability is a weakness that could be exploited by a threat source
  – Threat is any circumstance or event with the potential to adversely impact organizational operations, assets, individuals, other organizations, or the Nation
  – Impact is the magnitude of harm that can be expected
