Information security threats and vulnerabilities go together.
The difference between ‘threats’ and ‘vulnerabilities’ is not always immediately clear to people new to the subject. It is very important to differentiate clearly between these two attributes of a risk because the existence of the risk itself is dependent on the coexistence of a threat and a vulnerability.
The simple difference is this:
• vulnerabilities are flaws or weaknesses in an asset, whereas
• threats can accidentally trigger or intentionally exploit a vulnerability to compromise some aspect of the asset.
There are very many threats that have absolutely no relevance to many organizations. A simplistic example would be an organization ...