(Information security: insist on confidentiality, integrity and availability of information. Risk assessment: An assessment of the threat, impact and failure of information and information management equipment, as well as the likelihood of a threat occurring. Risk Management: The process of identifying, controlling, mitigating or eliminating risks that may affect the security of information systems at an acceptable cost. Threat: A risk posed by a person, thing, event, or concept to the confidentiality, integrity, availability, or legitimate use of a resource.)