Match each term with the correct statement below.

A. Weaknesses, where threats are known to exist
B. Likelihood that an identified weakness will be exploited by a known threat
C. Specific steps taken to decrease the impact of a given threat
D. A collection of knowledge elements all related to the same purpose and which describe the practices for accomplishing a well-defined goal or doing a specific type of work
E. The executive who is responsible for ensuring the compliance of all aspects of the organization involved in information processing, or cybersecurity with laws, regulations, or directives
F. Specific practices to ensure that the organization complies with all applicable laws, regulations, directives, and standards
G. A description of a specific behavior, or set of behaviors, that a person should be able to carry out in order to be considered "competent"
H. The highest-level position in the information processing function; typically sets policy for the overall operation
I. An organization-wide directive on a given issue, which applies to all employees of the organization for a significant period of time

A. Vulnerabilities
B. Risk
C. Mitigation
D. Body of knowledge
E. Security compliance officer
F. Legal and regulatory compliance
G. Competency
H. Chief information officer
I. Policy