A threat is any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.

A vulnerability is a weakness. It can be a weakness in the hardware, software, configuration, or users operating the system.

A risk is the possibility of a threat exploiting a vulnerability and resulting in a loss.

Risk mitigation reduces risk by reducing the chances that a threat will exploit a vulnerability or by reducing the impact of the risk.

Security controls reduce risks. For example, antivirus software is a security control that reduces the risk of malware infection.
