Glossary

A

Asset Any component (system, data, service, capability) that has value and requires protection.

Attack Vector Path or method used by a threat source to exploit a vulnerability.

---

C

Control A technical, organizational, or procedural measure implemented to reduce risk.

Critical Asset Asset whose compromise has severe impact on confidentiality, integrity, or availability.

---

H

Heaven External VPS environment hosting internet-facing services (documentation, Git, ERP).

---

I

Impact Severity of consequences if a risk materializes.

Identity System Infrastructure responsible for authentication and authorization (e.g. LDAP/AD).

---

L

Likelihood Estimated probability of a threat scenario occurring.

---

R

Risk Combination of likelihood and impact associated with a threat scenario affecting an asset.

Risk Register Canonical list of all identified risks in the system, uniquely identified (R-001 → R-010).

---

S

Scenario (Threat Scenario) Structured description of how a threat source could exploit vulnerabilities to impact an asset.

---

T

Trust Boundary Logical or network separation where trust level changes between systems or environments.

---

V

Vulnerability Weakness in a system that can be exploited by a threat source.

---

W

Wazuh Security monitoring and SIEM platform used for log aggregation and detection in the lab.