1. Capabilities, intentions, and attack methods of adversaries to exploit, or any circumstance or event with the potential to cause harm to, information or an information system. 2. Any circumstance or event with the potential to harm an information system (IS) through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. 3. The likelihood of an attack being mounted against a computer system. See also: Risk, Vulnerability. 4. A potential violation of security. 5. An action or event that might prejudice security.