Differentiation should include
- defining asset as it relates to a secure environment (e.g., servers, data, sensitive information)
- explaining the types of threats (e.g., cyber, terrorism, pandemics, extreme weather, accidents, technical failures)
- defining vulnerability
- explaining
  - how a vulnerability can result in a threat
  - how eliminating vulnerabilities can eliminate a threat
  - what exploits are
  - how to calculate risk.