Vulnerability Management 101: What's a Risk?

As financial organizations delve into the increasingly-regulated world of information security, they often confront many terms that seem indistinguishable. What is the difference between a risk, a threat, a vulnerability and an exploit? Which product or solution can be employed to address my institution's information security and compliance needs?

This paper provides some clarity on the first question - namely what kinds of risks should a financial institution be concerned with. In the process, it should help to offer an answer to the second question, one of aligning concerns with solutions.