Today I came up with an analogy to explain the concept of an Attack Surface, Vulnerability, Threat, Threat Actor, Exploit and Risk to non-tech/cybersecurity people.
I call this explanation the “**Glass Window Analogy**” and it goes like this:
> Suppose you have a glass window in your workspace with a small crack in the corner.
* The whole surface of the glass panel exposed to the outside world is an **ATTACK SURFACE**.
* The small crack in the corner is a **VULNERABILITY** that can cause the panel to shatter.
* If you bring a small stone in this scenario, then that stone is a ‘threat’ to the window as it can **EXPLOIT** that ‘crack vulnerability’ to shatter your glass pane if it hits the panel near the crack.
* The person who will throw that stone is the **THREAT ACTOR**.
* The **RISK** is the possibility of your or someone else’s action causing damage to your window. For example, “playing with a bouncy ball near a cracked glass panel” is a *High-Risk* implementation, while “flying a paper aeroplane near a cracked glass window” is a *Low-Risk* job.

Of course, this is not perfect; feel free to suggest modifications or enhance this in the comments :)