RISK is the possibility of a threat exploiting a vulnerability resulting in a loss.
A THREAT is any circumstance or event that has the potentialto compromise confidentiality, integrity or availability.
VULNERABILITY is a weakness. It can be a weakness in the hardware, software, the configuration, or users operating the system.
RISK MITIGATION reduces risk by reducing the chances that a threat will exploit vulnerability.
CONTROLS are actions taken to reduce risks. Examples include access controls (starting with authentication), businesscontinuity plans and antivirus software.