Which one of the following risk analysis terms characterizes the absence or weakness of a risk
reducing safegaurd?

A.
Threat
B.
Probability
C.
Vulnerability
D.
Loss expectancy
Explanation:
A weakness in system security procedures, system design, implementation, internal
controls, and so on that could be exploited to violate system security policy. -Ronald Krutz The CISSP
PREP Guide (gold edition) pg 927