A weakness in an asset or control that a threat can exploit to cause harm.
A vulnerability is a weakness that makes an asset susceptible to a threat. It might be a missing patch, a weak configuration, an untrained employee, or a gap in a process.
Risk arises from the combination of a threat and a vulnerability. Reducing vulnerabilities, through patching, hardening, and training, is one of the most direct ways to lower risk.
KaitoSec