A vulnerability is the absence of a safeguard (in other words, it is a weakness) that can be exploited.
A threat is the possibility that someone or something would exploit a vulnerability, intentionally or accidentally, and cause harm to an asset.
A risk is the probability of a threat agent exploiting a vulnerability and the loss potential from that action.
Reducing vulnerabilities and/or threats reduces risk.
An exposure is an instance of being exposed to losses from a threat.
A countermeasure, also called a safeguard, mitigates the risk.
A countermeasure can be an application, software configuration, hardware, or procedure.
If someone is practicing due care, they are acting responsibly and will have a lower probability of being found negligent ...