It's common for friends to tell me how they feel frustrated when they are studying the concept of risk on the CISSP journey. The following is my two cents and I hope it helps.
Risk is the effect of uncertainty on objectives. Source: ISO 31000
Wentz’s Information Risk Model
I like these better:
They lay out the relationships between the various terms.
But the best one is from the introduction to the Common Criteria:
Thanks for sharing.
Would you pls advise the source for further study?