Controls are your cybersecurity & data privacy program

A control is the power to influence or direct behaviors and the course of events.

In GRC operations, words have specific meanings. Confusing the concepts of inheritance and reciprocity is a common "word crimes" incident.

  • Threat. A person or thing likely to cause damage or danger (noun), or to indicate impending damage or danger (verb).
  • Risk. A situation where someone or something valued is exposed to danger, harm or loss (noun) or to expose someone or something valued to danger, harm or loss (verb).
  • Vulnerability. A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
  • Control. The safeguards or countermeasures prescribed for an information system or an organization to protect the confidentiality, integrity, and availability of the system and its information. 
  • Compensating Control. The security controls employed in lieu of the recommended control(s) that provide equivalent or comparable protection for an information system or organization.
  • Procedure. A set of instructions that describes a process which performs an explicit operation or an explicit reaction to a given event. The design and implementation of a procedure must be reasonable and appropriate to address the control it supports.
  • Reasonable. Appropriate or fair level of care. This forms the basis of the legal concepts of "due diligence" and "due care" that pertain to negligence. 
  • Mitigate. To make less severe or painful or to cause to become less harsh or hostile.

Understanding The Interaction Between Threats, Vulnerabilities, Risks, Controls, Incidents and more!

Threats vs Risk vs Vulnerabilities
