Assets – People, property, and information. People may include employees and customers along with other invited persons such as vendors or guests. Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. Information may include databases, software code, critical company records and many other intangible items.
Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage or destroy an asset.
Vulnerability – Weaknesses or gaps in an internal control program that can be exploited by threats to gain unauthorized access to an asset.