Definitions

Vulnerability: Any characteristic of a computer system that allows an individual to keep it from correctly operating, or that will allow unauthorized users take control of the system. A design, administrative, or implementation weakness or flaw in hardware, firmware, or software. If exploited, a vulnerability could lead to an unacceptable impact in the form of unauthorized access to information or disruption of critical processing.

Attack: 1) A discrete malicious action of debilitating intent inflicted by one entity upon another. A threat might attack a critical infrastructure to destroy or incapacitate it. 2) Intentional attempt to bypass the physical or information security measures and controls protecting an IS.