What is a difference between a threat and a risk?

A threat is a sum of risks and a risk itself represents a specific danger toward the asset

A threat can be people property, or information, and risk is a probability by which these threats may bring harm to the business

A risk is a flaw or hole in security, and a threat is what is being used against that flaw

A risk is an intersection between threat and vulnerabilities, and a threat is what a security engineer is trying to protect against