Definition should include weaknesses or gaps in a security program that could be exploited to gain unauthorized access to an asset.

Process/Skill Questions: