Threats are described as anything that would negatively contribute to the Confidentiality, Integrity or Availability of an informational asset, vulnerabilities describe how the threat could be realised.
All organisations are exposed to numerous Threats and Vulnerabilities, only a few know where they are susceptible
As part of any successful cyber risk assessment, threats and vulnerabilities must be identified and assessed.
This assessment must include determining the threat actor’s capabilities, motivation, and resources. Only with this identification can effective controls be applied.