In computer security a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
A threat can be either "intentional" (i.e. hacking: an individual cracker or a criminal organization) or "accidental" (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
A more comprehensive definition, tied to an Information assurance point of view, can be found in "Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of United States of America
National Information Assurance Glossary defines threat as:
ENISA gives a similar definition:
The Open Group defines threat in as:
Factor analysis of information risk defines threat as:
National Information Assurance Training and Education Center gives a more articulated definition of threat:
The term "threat" relates to some other basic security terms as shown in the following diagram:
A resource (both physical or logical) can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability properties of resources (potentially different than the vulnerable one) of the organization and others involved parties (customers, suppliers).
The so-called CIA triad is the basis of information security.