Which term refers to measures taken to protect IT assets from being susceptible to attack?

The term that refers to measures taken to protect IT assets from being susceptible to attack is risk management. This concept involves identifying, assessing, and prioritizing risks, as well as implementing strategies to mitigate or eliminate those risks to ensure that IT assets remain secure against potential threats.

Risk management encompasses various strategies, including the implementation of security measures, regular audits, and continuous monitoring to maintain the integrity and confidentiality of information systems. By proactively managing risks, organizations can effectively reduce vulnerabilities that attackers might exploit, thereby safeguarding their IT infrastructure.

Other options, such as security policy, incident response, and disaster recovery, represent different aspects of security management. A security policy defines the rules and practices that govern how an organization protects its information assets. Incident response pertains to the procedures followed when a security breach occurs, focusing on addressing and mitigating the aftermath of an attack. Disaster recovery involves strategies for restoring systems and operations after a catastrophic event, ensuring business continuity. While all these areas are interconnected and contribute to overall security, they do not specifically refer to the proactive measures aimed at reducing vulnerabilities, which is the essence of risk management.