What's the difference between a threat, vulnerability and a risk?

This is what i used to say to remember the difference between them:

"Close that door to avoid bees and if those bees got in, we are in the risk of being exposed to stings"

 

Vulnerability: Opened door

Threat: Bees

Risk: Stings

Hello, A vulnerability is a software, hardware, procedural, or human weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment.
A vulnerability characterizes the absence or weakness of a safeguard that could be exploited.
This vulnerability may be a service running on a server, unpatched applications or operating system software, unrestricted modem dial-in access, an open port on a firewall, lax physical security that allows anyone to enter a server room, or unenforced password management on servers and workstations.
A threat is any potential danger to information or systems.
The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual.
The entity that takes advantage of a vulnerability is referred to as a threat agent.
A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity.
A risk is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact.
If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method.
If users are not educated on processes and procedures, there is a higher likelihood that an employee will make an intentional or unintentional mistake that may destroy data.
If an intrusion detection system (IDS) is not implemented on a network, there is a higher likelihood an attack will go unnoticed until it is too late.
Risk ties the vulnerability, threat, and likelihood of exploitation to the resulting business impact.

Threat: A threat is what we’re trying to protect against A vulnerability is a weakness or gap in our protection efforts.
Asset + Threat + Vulnerability = Risk.

Threat: Any harm or damage caused to the target by attacker (Internal/ External).
For example :( Virus, worm, spyware and malware) Vulnerability: A weakness that makes a threat possible.
Risk: When the harm/ damage occurs and caused loss because of Vulnerability that makes Threat possible.