threats that can have adverse effects on organizational operations and assets, individuals, in organizations

organizations5 in the public and private sectors depend on information technology6 and
information systems7 to successfully carry out their missions and business functions.
Information systems can include very diverse entities ranging from office networks,
financial and personnel systems to very specialized systems (e.g., industrial/process control
systems, weapons systems, telecommunications systems, and environmental control systems).
Information systems are subject to serious threats that can have adverse effects on organizational
operations and assets, individuals, other organizations, and the Nation by exploiting both known
and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the
information being processed, stored, or transmitted by those systems. Threats to information
systems can include purposeful attacks, environmental disruptions, human/machine errors, and
structural failures, and can result in harm to the national and economic security interests of the
United States. Therefore, it is imperative that leaders and managers at all levels understand their
responsibilities and are held accountable for managing information security risk—that is, the risk
associated with the operation and use of information systems that support the missions and
business functions of their organizations