Assessment: The action of evaluating, estimating, or judging against defined criteria. Different types of assessment (qualitative, quantitative, and semi-quantitative) are used to assess risk. Some types of assessment yield measures.
Assessment Result(s): Output or outcome of an assessment.
Qualitative Assessment: Uses a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels. [Source: SP 800-30]
Quantitative Assessment: Uses a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment. [Source: SP 800-30]
Semi-Quantitative Assessment: Uses a set of methods, principles, or rules for assessing risk based on bins, scales, or representative numbers whose values and meanings are not maintained in other contexts. [Source: SP 800-30]
Measurement: The process of obtaining quantitative values using quantitative assessment.
Measures: Quantifiable and objective values resulting from measurement.
Metrics: Measures and assessment results designed to track progress, facilitate decision-making and improve performance with respect to a set target.
Security and Privacy: risk management, security measurement