A hardware, firmware, or software flaw that leaves an information system open to potential exploitation; a weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.
Retrieved from FFIEC IT Handbook Infobase Glossary. (2018). http://ithandbook.ffiec.gov/glossary.aspx