Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. 
See the following under Threat for more information: 

Get Certified Get Ahead

FIPS 200
NIST SP 800-150
NIST SP 800-30 Rev. 1. 
NIST SP 800-128
NIST SP 800-137
NIST SP 800-161
NIST SP 800-37 Rev. 1
NIST SP 800-39
NIST SP 800-53 Rev. 4
NIST SP 800-53A Rev. 4
NISTIR 7621 Rev. 1
NIST SP 800-18 Rev. 1
NIST SP 800-82 Rev. 2
NIST SP 800-150
NIST SP 800-30 Rev. 1
NIST SP 800-171 Rev. 1

NISTIR 7622 under Threat ( NIST SP 800-27, NIST SP 800-37, NIST SP 800-53A, NIST SP 800-60, NIST SP 800-53). 

The potential for a threat-source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. 

See NIST SP 800-47 under Threat for more information. 

A possible danger to a computer system, which may result in the interception, alteration, obstruction, or destruction of computational resources, or other disruption to the system. 

See NIST SP 800-28 Version 2 under Threat for more information. 
The potential source of an adverse event. 
See NIST SP 800-61 Rev. 2 under Threat for more information. 
The likelihood or frequency of a harmful event occurring. 
See NISTIR 7435 under Threat for more information. 
 Potential cause of an unwanted incident, which may result in harm to a system or organization
See NISTIR 8053 (ISO/IEC 27000:2014) for more information. 

Share this Post