CCNA CyberOps SECFND Objective 2.2

Compare and contrast these concepts: Risk, Threat, Vulnerability, and Exploit.

Understanding Cisco Cybersecurity Fundamentals (210-250)

Risk: the possibility that something bad will happen
Threat: any potential danger to a security asset
Vulnerability: exploitable weakness in a system or design
Exploit: software or commands that take advantage of a vulnerability

Risk is the possibility of a vulnerability being exploited. Risk also takes into account the cost of a potential threat.

Vulnerabilities are potential weaknesses, where exploits are confirmed ways to take advantage of the vulnerability. Threats are potential dangers, but the vulnerability has not yet been exploited.