Resilience of an information system
Capacity of an information system to keep working in case of an attack, even in a degraded or weakened state, and to recover its operational capabilities and essential functions after the attack.
Possibility that a concrete threat may exploit a vulnerability to cause a loss or damage in an information asset. Usually it is considered as a combination of the probability of an event and its consequences.
Systematic approach, based on the assessment of threats and vulnerabilities, for the determination of counter-measures necessary for the protection of information or services and resources that support it.