An asset is any data, device or other component of an organisation’s systems that is valuable.

A vulnerability is a weakness that exposes an asset to possible compromise. Weaknesses can be organizational, logical, physical, or human.

A threat is any incident, be it intentional or accidental, that could negatively affect the confidentiality, integrity or availability of an asset.

A risk occurs when there's a chance of an asset being compromised, through the exposure of a vulnerability to a threat.

Adapted from source: [Vigilant Software](https://www.vigilantsoftware.co.uk/blog/risk-terminology-understanding-assets-threats-and-vulnerabilities), retrieved December 8, 2021.

[Assets](../Sparks/Assets.md)
[Vulnerability](../Drafts%20and%20Ideas/Vulnerability.md)
[Threat](Threat.md)
[Risks](../Sparks/Risks.md)