1.1

Vulnerability - weakness

Threat - potential danger

Threat Actor - an adversary with malicious intent

Exploit - when a threat actor succeeds in taking advantage of a vulnerability

Control Purpose (a control must do at least 1 of the following, and must assure functionality [what it does] and effectiveness [how well it works])

  • Reduces or eliminates a vulnerability

  • Reduces or eliminates the likelihood that a threat actor will be able to exploit a vulnerability

  • Reduces or eliminates the impact of an exploit

Countermeasures (implemented to address a specific threat; NOT broad)

  • Generally reactive (acting in response to a situation)