The effect a threat acting upon a vulnerability has on the confidentiality, integrity, and/or availability of the organization’s operations, assets, or individuals.
Sources:
NIST SP 800-161r1