* The relationship can be summarized as: A threat exploits an exposed vulnerability to damage an asset, which results in a risk to the organization.
* A risk can be seen as a theoretical threat scenario. If a risk "materializes," an anticipated or potential threat has actually taken place, exploiting a vulnerability and affecting an asset, which results in actual harm or loss. 
* The relationship between assets, vulnerabilities, and threats is often called the Operations Security Triple.

[Assets](Assets.md)
[Vulnerability](../💡Drafts%20and%20Ideas/Vulnerability.md)
[Threat](../📚️%20Literature%20notes/Threat.md)
[Risks](Risks.md)

See also: [](../Attachments/Certified%20Ethical%20Hacker%20Exam%20Guide%202021.pdf)