Relation between Vulnerability, Threat and Risk
Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset.
Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset.
Risk – The potential for loss, damage or destruction of an Asset's security as a result of a threat exploiting a vulnerability.
Risk is the intersection of assets, threats, and vulnerabilities.
Risk = Asset x Vulnerability x Threat x Possibility