Read section 1.3. When you are new to the information security industry, you may use the words vulnerability, threat, and risk interchangeably, though they actually have very different meanings. As you read, think about the differences between these terms and try to explain each term in the context of information security.
Threat Agent gives rise to Threat exploits Vulnerability leads to Risk can damage Assets and causes an Exposure can be counter measured by Safeguard directly effects Threat Agent.
Source: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Information_Security_and_Risk_Management
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.