1. A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s integrity or security policy.
(Source: RFC 2828)
2. A flaw or weakness in the design or implementation of an information system (including the security procedures and security controls associated with the system) that could be intentionally or unintentionally exploited to adversely affect an organization’s operations or assets through a loss of confidentiality, integrity, or availability.
(Source: NIST SP 800-53)
3. A weakness of an asset or group of assets that can be exploited by one or more threats.
(Source: ISO/IEC 13335-1:2004)