Word Family Cluster / Glossary Category

Risk Concepts Glossary

This category establishes the conceptual bridge between insider threat activity and insider risk exposure management. It should support executive and risk-owner search intent.

Use this category page to introduce the term family, list individual glossary entries, explain how the terms relate to insider risk exposure, and route readers to Foundations, Use Cases, Procedures, Tools, Standards, Metrics, Personas, and relevant IRCF™ pages.

Terms in this Category (7)

Exposure

Exposure is the condition of being open to potential insider-related harm because of access, assets, control gaps, business context, or behaviors.

Insider Incident

An insider incident is an event involving trusted access that results in suspected or confirmed harm, misuse, policy violation, loss, exposure, or business disruption.

/insider-incident/Read full definition

Insider Risk

Insider risk is the likelihood and potential impact of harm, misuse, loss, or exposure arising from trusted access to organizational assets.

/insider-risk/Read full definition

Insider Threat

An insider threat is a person, account, relationship, or trusted entity that may cause harm to an organization through authorized or misused access.

/insider-threat/Read full definition

Residual Risk

Residual risk is the insider-risk exposure that remains after controls, mitigations, decisions, or process changes have been applied.

/residual-risk/Read full definition

Risk Appetite

Risk appetite is the amount and type of insider-risk exposure an organization is willing to accept in pursuit of its objectives.

/risk-appetite/Read full definition

Risk Tolerance

Risk tolerance is the acceptable variation around an organization defined risk appetite for a specific context, asset, process, or business decision.

/risk-tolerance/Read full definition
Educational Reference NoteThis glossary category is part of the ITMG® Insider Risk Body of Knowledge™ and is designed to establish a common, non-stigmatizing vocabulary. For program implementation frameworks, quantitative assessments, or enterprise metrics, readers are encouraged to consult the Insider Risk Capability Framework™ (IRCF™) or request a Guided Exposure Assessment.