Match each item with a statement below.

A. A specific and identifiable instance of a general threat
B. A detailed statement of what must be done to comply with policy
C. A person who bypasses legitimate controls on an information system to gain access illegally
D. Something that looks like a desirable program or tool, but that is in fact a malicious entity
E. The probability that a specific vulnerability within an organization will be successfully attacked
F. The risk that remains to an information asset even after an existing control has been applied
G. A means to target a specific vulnerability
H. The process used to identify and then control risks to an organization's information assets
I. A segment of code that performs malicious actions

---

A. Threat agent
B. Standard
C. Hacker
D. Trojan horse
E. Likelihood
F. Residual risk
G. Exploit
H. Risk management
I. Virus