Which one of the following risk analysis terms characterizes the absence or weakness of a riskreducing safegaurd?
A.
Threat
B.
Probability
C.
Vulnerability
D.
Loss expectancy
Explanation:
A weakness in system security procedures, system design, implementation, internal
controls, and so on that could be exploited to violate system security policy. -Ronald Krutz The
CISSP PREP Guide (gold edition) pg 927