Risk Concepts Glossary
This category establishes the conceptual bridge between insider threat activity and insider risk exposure management. It should support executive and risk-owner search intent.
Use this category page to introduce the term family, list individual glossary entries, explain how the terms relate to insider risk exposure, and route readers to Foundations, Use Cases, Procedures, Tools, Standards, Metrics, Personas, and relevant IRCF™ pages.
Terms in this Category (7)
Exposure
Exposure is the condition of being open to potential insider-related harm because of access, assets, control gaps, business context, or behaviors.
Insider Incident
An insider incident is an event involving trusted access that results in suspected or confirmed harm, misuse, policy violation, loss, exposure, or business disruption.
Insider Risk
Insider risk is the likelihood and potential impact of harm, misuse, loss, or exposure arising from trusted access to organizational assets.
Insider Threat
An insider threat is a person, account, relationship, or trusted entity that may cause harm to an organization through authorized or misused access.
Residual Risk
Residual risk is the insider-risk exposure that remains after controls, mitigations, decisions, or process changes have been applied.
Risk Appetite
Risk appetite is the amount and type of insider-risk exposure an organization is willing to accept in pursuit of its objectives.
Risk Tolerance
Risk tolerance is the acceptable variation around an organization defined risk appetite for a specific context, asset, process, or business decision.