1. Probability and severity of loss linked to threats or hazards and vulnerabilities. (DoDD 3020.40, Critical Infrastructure, 14 Jan 2010).

2. A measure of consequence of peril, hazard or loss, which is incurred from a capable aggressor or the environment (the presence of a threat and unmitigated vulnerability). (DoD 5200.08-R, Physical Security Program, 9 Apr 2007).

3. A measure of the potential degree to which protected information is subject to loss through adversary exploitation. (DoD 5205.02-M, DoD OPSEC Program Manual, 3 Nov 2008).

Source: Terms & Definitions of Interest for DoD Counterintelligence Professionals, Office of the National Counterintelligence, https://www.dni.gov/files/NCSC/documents/ci/CI_Glossary.pdf