Vulnerability

From CIPedia

Definitions

European Definitions

NIS 2

‘vulnerability’ means a weakness, susceptibility or flaw of an asset, system, process or control that can be exploited by a cyber threat. [1]


COM(2006)787

A characteristic of an element of the CI’s design, implementation, or operation that renders it susceptible to disruption or destruction by a threat and includes dependencies on other types of infrastructure. [2]


ENISA

Vulnerability (ICT) is the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved. [3]


CLIMATE-ADAPT

Vulnerability is the degree to which a system is susceptible to, and unable to cope with, adverse effects of climate change, including climate variability and extremes. [4]

Vulnerability is a function of the character, magnitude, and rate of climate change and variation to which a system is exposed, its sensitivity, and its adaptive capacity.
There are different ways in which vulnerability can be framed; an inventory has been made by the Dutch Climate Changes Spatial Planning research programme.

European Project Definitions

CIPRNet project

The CIPRNet project [5] uses the following definition:

Vulnerability is intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence.


Other International Definitions

CARICOM

Vulnerability is defined as the characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard. [6]


IAEA

Vulnerability is:
(1) a physical feature or operational attribute that renders an entity, asset, system, network, facility, activity or geographic area open to exploitation or susceptible to a given threat.
(2) a weakness of an asset or control that can be exploited by a threat. [7]


IPCC

The propensity or predisposition to be adversely affected. [8]


ITU-T

Any weakness that could be exploited to violate a system or the information it contains. [9]


Vulnérabilité: Any weakness that could be exploited to violate a system or the information it contains. [10]


Vulnerabilidad: Any weakness that could be exploited in order to violate a system or the information it contains. [11]


NATO CEP / EAPC

A characteristic of an element of the critical infrastructure’s design, implementation, or operation that renders it susceptible to destruction or incapacitation by a threat. [12]


UNDRR

The characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard. [13]

There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management.

Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element of interest (community, system or asset) which is independent of its exposure. However, in common use the word is often used more broadly to include the element’s exposure.

Vulnérabilité: The characteristics and circumstances of a community or system that make it susceptible to suffering the effects of a hazard. [14]


Уязвимость: The characteristics and conditions inherent in a community, system or property that increase their susceptibility to the destructive impact of a threat. [15]


Vulnerabilidad: The characteristics and circumstances of a community, system or asset that make them susceptible to the damaging effects of a threat. [16]


قابلية التضرر: The characteristics and circumstances of a community, system or property that make them easily affected by hazards. [17]


Kerentanan: The characteristics and conditions of a community, system or asset that make it prone to the damaging impact caused by a hazard. [18]


Kerentanan: The circumstances and characteristics of a community, system or asset that make it easily exposed to hazards and result in adverse effects. [19]


Bulnerabilidad/ Kahinaan: The characteristics and circumstances of a community, system or property that make it weak and prone to the damaging effects of a hazard. [20]


脆弱性 - The conditions determined by physical, social, economic and environmental factors or processes which make individuals, communities, assets or systems more susceptible to the impacts of hazards. [21]


آسيب پذيري: The characteristics and circumstances of a community, system or asset that make it prone to being harmed by a hazard. [22]



UNDHA

Vulnerability is the degree of loss (from 0% to 100%) resulting from a potentially damaging phenomenon. [23]


Vulnerabilidad: degree of loss (from 0% to 100%) as a result of a potentially damaging phenomenon. [23]


Vulnérabilité: degree of loss (from 0% to 100%) resulting from a phenomenon likely to cause casualties and material damage. [23]



WHO

Vulnerability: the degree to which a socio-economic system is either susceptible or resilient to the impact of natural hazards and related technological and environmental disasters. [24]

The degree of vulnerability is determined by a combination of several factors including hazard awareness, the condition of human settlements and infrastructure, public policy and administration, and organized abilities in all fields of disaster management. Poverty is also one of the main causes of vulnerability in most parts of the world.

National Definitions

Argentina

Vulnerabilidad: A weakness of an asset or group of assets that can be exploited by a threat. [25]


Vulnerabilidad: an intrinsic characteristic of being affected or of being susceptible to suffering harm. [26]



Australia

Vulnerability (in reference to risk management): The degree of susceptibility and resilience of an agency to hazards. [27]


Vulnerability is the degree of susceptibility and resilience of the community and environment to hazards. [28]


Vulnerability is the degree of loss to a given element at risk or set of such elements resulting from the occurrence of a phenomenon of a given magnitude and expressed on a scale of 0 (no damage) to 1 (total loss). [28]


Vulnerability: The degree to which a system is susceptible to, or unable to cope with, adverse effects of climate change, including climate variability and extremes. [29]

Vulnerability is a function of the character, magnitude, and rate of climate variation to which a system is exposed, its sensitivity, and its adaptive capacity.

Vulnerability – The extent to which a natural system or human society is unable to cope with the negative impacts of climate change, variability and extremes. [30]

It depends on changes in climate as well as the sensitivity and adaptive capacity of the system or society.

Vulnerability: a weakness (that may be an unintended consequence of design or configuration) that can be exploited by attackers to compromise or otherwise adversely affect a computer system. [31]

New South Wales

Vulnerability: The mechanism by which critical infrastructure can be affected by threats and hazards. [32]



Belgium

Kwetsbaarheid (vulnerability) is the weak link of an asset or group of assets that can be exploited by one or more threats (development error, incorrect installation). [33]



Bosnia and Herzegovina

Ugroženost: The characteristics and circumstances of a community, system or asset that make them susceptible to the damaging effects of a hazard. (UNISDR, 2009). [34]

In probabilistic/quantitative risk assessments, the term ugroženost expresses the part or percentage of the exposure that is likely to be lost due to a particular hazard.


Brazil

Vulnerabilidade: propriedade intrínseca de algo resultando em suscetibilidade a uma fonte de risco que pode levar a um evento com uma conseqüência. [35]

Vulnerability is the intrinsic property of something resulting in susceptibility to a source of risk that can lead to an event with a result.


Vulnerabilidade:
1. Condição intrínseca ao corpo ou sistema receptor que, em interação com a magnitude do evento ou acidente, caracteriza os efeitos adversos, medidos em termos de intensidade dos danos prováveis.
2. Relação existente entre a magnitude da ameaça, caso ela se concretize, e a intensidade do dano conseqüente.
3. Probabilidade de uma determinada comunidade ou área geográfica ser afetada por uma ameaça ou risco potencial de desastre, estabelecida a partir de estudos técnicos.
4. Corresponde ao nível de insegurança intrínseca de um cenário de desastre a um evento adverso determinado.
Vulnerabilidade é o inverso da segurança. [36]

Vulnerability:
1. Intrinsic condition of the receiving body or system which, in interaction with the magnitude of the event or accident, characterizes the adverse effects, measured in terms of the intensity of the probable damage.
2. Relation between the magnitude of the threat, should it materialize, and the intensity of the consequent damage.
3. Likelihood of a particular community or geographical area being affected by a potential threat or risk of disaster, established from technical studies.
4. It corresponds to the level of intrinsic insecurity of a disaster scenario to a particular adverse event.
Vulnerability is the inverse of security.



Burkina-Faso

Vulnérabilité ou faille: A weakness of an asset or group of assets that can be subject to a threat (from: ISO/IEC 27002:2005). [37]



Cameroon (Cameroun)

Vulnérabilité: a security defect in the architecture of an electronic communications network or in the design of an information system that results, either intentionally or accidentally, in a violation of the security policy. [38]



Canada

Vulnerability is the conditions determined by physical, social, economic and environmental factors or processes, which increase the susceptibility of a community to the impact of hazards.

Condition ou ensemble de conditions résultant de facteurs ou de processus physiques, sociaux, économiques et environnementaux qui prédispose une collectivité à subir les effets néfastes des aléas. [39] [40]

It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.

Cape Verde

Vulnerabilidade: The characteristics and circumstances of a community, system or asset that make them susceptible to the damaging effects of a hazard. [41]

There are many aspects of vulnerability, arising from various physical, social, economic and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for environmental management. Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element in question (community, system or asset) that is independent of its exposure.

Chile

Vulnerabilidad: The degree of loss of an element or group of elements at risk resulting from the probable occurrence of a disastrous event, expressed on a scale from 0 to 1 or total loss. [42]



Colombia

Vulnerabilidad: A weakness, attribute or lack of control that would allow or facilitate the action of a threat against classified information and the services and resources that support it. [43]



Cuba

Vulnerabilidad: A weakness of an asset or control that can be exploited by one or more threats. [44]



Czech Republic

Zranitelnost: Slabé místo aktiva nebo řízení, které může být využito hrozbou. [45]

Vulnerability is a weak spot of an asset or control which can be made use of by a threat. [46]



Dominican Republic

Vulnerabilidad: the degree to which a system is susceptible to, or unable to cope with, the adverse effects of climate change, including climate variability and climate extremes. [47]

Vulnerability is a function of the character, magnitude and rate of climate variation (speed of change) to which a system is exposed, its sensitivity and its adaptive capacity.

El Salvador

Vulnerabilidad: Any weakness in a computer system that can be used by one or more cybersecurity threats and compromise its security. [48]


Vulnerabilidad: An internal risk factor of an element or group of elements exposed to a threat, corresponding to its intrinsic predisposition to be affected, to be susceptible to suffering harm, and to encounter difficulties in recovering afterwards. It corresponds to the physical, economic, political or social predisposition or susceptibility of a community to be affected or to suffer adverse effects should a dangerous phenomenon of natural or man-made origin occur. [49]

Differences in the vulnerability of the social and material context exposed to a dangerous phenomenon determine the selective character of the severity of its effects.

Eswatini

Vulnerability: Bugs in software programs that have the potential to be exploited by malicious cyber attackers. [50]


France

Vulnérabilité: propension d’un milieu, d’un bien ou d’une personne à subir des conséquences dommageables à la suite d’un événement. Elle ne produit pas nécessairement de dommage par elle-même. [51]

Unofficial translation: propensity of an environment, a good or a person to suffer from adverse consequences as a result of an event. It does not necessarily produce damage itself.

Vulnérabilité: The degree to which a system is susceptible to, or unable to cope with, the adverse effects of climate change, including climate variability and extreme events. [52]

Vulnerability is a function of the nature, magnitude and rate of the climate variation to which the system in question is exposed, the sensitivity of that system and its adaptive capacity (GIEC, 2007).

Vulnérabilité: A fault, through malice or clumsiness, in the specifications, design, implementation, installation or configuration of a system, or in the way it is used. [53]

Remarks: A vulnerability can be used by exploit code and lead to an intrusion into the system.

Vulnérabilité: a design error or weakness in computer equipment likely to allow an attacker to carry out a malicious action against it. [54]


Vulnérabilité: Caractéristique d’un bien support qui peut constituer une faiblesse ou une faille au regard de la sécurité des systèmes d’information. [55]

Vulnerability: Characteristic of a supporting asset that can constitute a weakness or flaw concerning information system security. [56]



Gambia

Vulnerability: A weakness of an ICT asset or control that can be exploited by one or more threats. [57]



Germany

Verwundbarkeit, Verletzlichkeit, Vulnerabilität: The extent to which a system is susceptible to, or unable to cope with, adverse effects of climate change, including climate variability and extremes. [58]

Vulnerability depends on the nature, extent and speed of the climate change and of the variation to which the system is exposed, on its sensitivity and on its adaptive capacity.

The extent to which a system is susceptible to damage caused by climate change. [59]

Vulnerability depends on a variety of factors. External factors are the nature, scale and speed of climate change and their variations. Internal factors are the sensitivity and adaptive capacity of the system in question.

Vulnerabilität: A measure of the presumed susceptibility of a protected asset (Schutzgut) to damage in relation to a particular event. [60]


Vulnerabilität is a measure of the presumed susceptibility of a protected asset (Schutzgut) to damage in relation to a particular event. [61]



Guatemala

Vulnerabilidad: Conditions of exposure to harm linked to deficiencies, weaknesses or limitations in the capabilities and means necessary and sufficient to confront threats that put the Security of the Nation at risk. [62]



Hong Kong

保安漏洞 : 系統的缺點或弱點,讓入侵者有機可乘加以破壞,違反保安政 策。

Vulnerability: A flaw or weakness in a system that could be exploited by intruders to violate the security policy. [63]



India

A vulnerability is a weakness that could be exploited to cause damage to the system or the assets it contains. [64]


Vulnerable, vulnerability: ேசதமைட, / தா�க"ப2 த�ைம [65]


Vulnerability: The characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard. [66]



Ireland

(climate change) Vulnerability can be defined as the degree to which a system is susceptible to, and unable to cope with, adverse effects of climate change, including climate variability and extremes. [67]

Vulnerability is a function of the character, magnitude and rate of climate change and variation to which a system is exposed, its sensitivity and its adaptive capacity.

Israel

A weak point in a computerized system, in one of its components or in a procedure related to it, that can be exploited to cause a cyber incident. [68]



Italy

The Vulnerabilità (vulnerability) of an element (people, buildings, infrastructure, economic activities) is its propensity to suffer damage as a consequence of the stresses induced by an event of a given intensity. [69]


Vulnerabilità: The ability of a given environmental component (human population, buildings, services, infrastructure, etc.) to withstand the effects of an event, as a function of the event's intensity. [70]

Vulnerability expresses the degree of loss to a given element or set of elements caused by a phenomenon of a given force. It is expressed on a scale from zero to one, where zero indicates that there was no damage and one corresponds to total destruction.

Vulnerabilità delle infrastrutture critiche (vulnerability of critical infrastructure): the predisposition of the overall system in question to be attacked and damaged, also in relation to its capacity to maintain more or less limited functionality in emergency situations. A concept tied to the interdependence between infrastructures, which can induce vulnerability through a domino effect. [71]


Vulnerabilità (V): The degree of loss produced on a given element or group of elements exposed to risk resulting from the occurrence of a phenomenon of a given intensity. [72]

It is expressed on a scale from 0 (no loss) to 1 (total loss) and is a function of the intensity of the phenomenon and of the type of element at risk: V = V (I;E).

Jamaica

Vulnerability (from IPCC 2007): The degree to which a system is susceptible to, or unable to cope with, adverse effects of climate change, including climate variability and extremes. [73]

Vulnerability is a function of the character, magnitude, and rate of climate variation to which a system is exposed, its sensitivity, and its adaptive capacity.

Japan

脆弱性: システムのセキュリティポリシーを侵害するように攻略される可能性がある、システムの設計/実装/運用管理における欠陥もしくは弱点.

(Cyber) Vulnerability is a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. [74]



(States of) Jersey

Vulnerability: the degree to which a system is susceptible to, and unable to cope with, adverse effects of climate change, including climate variability and extremes. [75]

Vulnerability is a function of the character, magnitude, and rate of climate change and variation to which a system is exposed, its sensitivity, and its adaptive capacity.

Jordan

Vulnerability is the propensity or predisposition (of a system) to be adversely affected (by climate change impacts). [76]



Kingdom of Saudi Arabia

A vulnerability is a defect or weakness in system security procedure, design, implementation, or internal control that an attacker can exploit. [77]


Vulnerability is the susceptibility of individuals or a community, services or infrastructure to damage or harm arising from an emergency or other incident. [78]


Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. (NISTIR 7298r2 Glossary of Key Information Security Terms) [79]



Kiribati

Te kai rotaki: E uakoraa ana konabwai te botannaomata ni kaaitarai korakoran aananga ni kabuanibwai ake a riki man bibitakin kanoan te bong. [80]

Vulnerability: The extent to which an ecosystem or organization can cope with the negative impacts of climate change, variability and extremes.



Kuwait

Vulnerability: Any weakness that could be exploited to violate a system or the information it contains. [81]



Lebanon

Vulnerability(ies): The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved. [82]


Luxembourg

Vulnérabilité: A fault, through malice or clumsiness, in the specifications, design, implementation, installation or configuration of a system, or in the way it is used. [83]


Vulnérabilité: A flaw in an asset or in a security measure that can be exploited by one or more threats. [84]



Madagascar

Vulnérabilité: A set of prevailing or consequential circumstances made up of physical, socio-economic and/or political factors that affect the ability to cope with disasters. [85]

Vulnerabilities can be physical, social or behavioural in nature, and primary or secondary. Strategies that reduce vulnerability also reduce risk.

Mexico

Vulnerabilidades: The weaknesses identified in cybersecurity within the departments or entities of the APF, the Legislative and Judicial Branches, the autonomous constitutional bodies, the productive State enterprises, and the State, Municipal and Delegational Governments, as well as private parties, that potentially allow a threat to affect ICT assets, the Essential Information Infrastructure and Information Assets. [86]


Vulnerabilidad: An estimate of what will happen when the effects of an accident (thermal radiation, shock wave, evolution of the concentration of a substance, among others) act on people, the environment, buildings, equipment, among others. This estimate can be made using a series of tabulated data, graphs and vulnerability models. [87]


Vulnerabilidad: The level to which a system is susceptible to, or unable to withstand, the adverse effects of climate change, including climate variability and extreme events. [88]

Vulnerability is a function of the character, magnitude and rate of climate variation to which a system is exposed, its sensitivity and its adaptive capacity.

Vulnerabilidad: An internal risk factor of an element or group of elements exposed to a threat. [89]

It corresponds to the physical, economic, political or social predisposition or susceptibility of a community to be affected or to suffer adverse effects should a dangerous phenomenon of natural, socio-natural or anthropogenic origin occur. It also represents the conditions that prevent or hinder subsequent autonomous recovery. Differences in the vulnerability of the social and material context exposed to a dangerous phenomenon determine the selective character of the severity of its effects. A system of conditions and processes resulting from physical, social, economic and environmental factors that increase the susceptibility of a community to the impact of hazards.

Morocco

Vulnérabilité: Faille de sécurité dans un programme ou sur un système informatique. [90]

Vulnerability: Security flaw in a program or on a computer system.



Mozambique

Vulnerabilidade: An intrinsic property of something resulting in susceptibility to a risk source that can lead to an event with a consequence. A set of internal factors or potential cause of an unwanted incident, which may result in risk to a system or organisation and which can be avoided by an internal information security action. [91]



Nepal

Vulnerability: The degree to which a system is susceptible to, or unable to cope with, adverse effects of climate change, including climate variability and extremes. [92]

Vulnerability is a function of the character, magnitude, and rate of climate variation to which a system is exposed, its sensitivity, and its adaptive capacity.

Netherlands

Kwetsbaarheid: A vulnerability is a property that gives an attacker the opportunity to carry out a cyber attack, or a property that can lead to failure. This can occur in a digital service, process or system, but also in society as a whole or in a specific organisation. [93]


A kwetsbaarheid (vulnerability) is a property of a society, organisation or information system (or a part thereof) that gives a malicious party the chance to obstruct and influence legitimate access to information or functionality, or to access it without authorisation. [94] [95]


Kwetsbaarheid (vulnerability): A vulnerability is a weak spot in a process, object, software or hardware that can be abused by one or more threats. [96]



Nigeria

Vulnerability is the structural weaknesses of the nation’s information systems and critical information infrastructure ranging from technical flaws, porous measures, to human negligence. [97]


Vulnerability: A weakness which allows an attacker to reduce a system's information assurance. [98]



Norway

Sårbarhet: (1) Et uttrykk for de problemer et system vil få med å fungere når det utsettes for en uønsket hendelse, og de problemer systemet får med å gjenoppta sin virksomhet etter at hendelsen har inntruffet. (2) Sårbarheten til et system er et uttrykk for de svakheter og mangler som finnes i systemet og spesielle omstendigheter som øker sannsynligheten for at trusler vil materialisere seg i en sikkerhetshendelse. [99]

Vulnerability: (1) The challenges a system will have to face to function when subjected to an adverse event, and challenges related to resuming normal system operation after the event has occurred. (2) The vulnerability of a system is an expression of its weaknesses and flaws and special circumstances that would increase the likelihood that threats will materialise into a security incident. [100]

A system’s vulnerability is reduced by increasing the system’s robustness. Examples of special circumstances can include size, complexity, that many stakeholders are involved, geographical distribution, frequent changes, and exposed location.

Sårbarhet er et utrykk for de problemer et system får med å fungere når det utsettes for en uønsket hendelse, samt de problemer systemet får med å gjenoppta sin virksomhet etter at hendelsen har inntruffet. [101]

Vulnerability is a way to express the problems a system will have in functioning when it is exposed to an adverse event, as well as the problems the system will experience in resuming operations after the event has occurred. [102]



Oman

Vulnerability is a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. [103]



Peru

Vulnerabilidad: The degree of resistance and/or exposure of an element or set of elements to the occurrence of a hazard. It can be physical, social, economic, cultural, institutional and other. [104]



Philippines

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Is a weakness in a system, application, or network that is subject to exploitation or misuse. [105]


Vulnerability: A flaw or weakness that can leave it open to attack. [106]

This could be a technical, procedural or physical vulnerability that can leave systems, devices, data, information, physical infrastructure or personnel exposed to a threat.

Poland

Podatność – a property of an information system that can be exploited by a cybersecurity threat. [107]


Portugal

[Definition] Vulnerabilidade: (1) A shortcoming, of whatever nature, that can be exploited by one or more threats. The vulnerability may consist of an omission or be related to a shortcoming of the controls with regard to their rigour, consistency or completeness, and may be technical, procedural, material, organisational or operational in nature; (2) A weakness of a computer system, revealed by an examination of its security (for example, due to flaws in analysis, design, implementation or operation), which results in an inability to withstand the computer threats that weigh on it. [108]


Vulnerabilidade: A weakness of an asset or of a control that can be exploited by a threat. [109]



Republic of Trinidad & Tobago

The characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard. [110]



Romania

Vulnerabilitate: The characteristic of a system of suffering the loss or reduction of its capability to perform its designated mission as a result of being subjected to a certain (defined) level of effect caused by the action of an artificial (created), hostile, etc. environment. [111]



Rwanda

Vulnerability: The degree to which a system is susceptible to, and unable to cope with, adverse effects of climate change, including climate variability and extremes. [112]

Vulnerability is a function of the character, magnitude, and rate of climate change and variation to which a system is exposed, its sensitivity, and its adaptive capacity (Parry et al, 2007) (GIZ).

Saint Lucia

Vulnerability: The conditions determined by physical, social, economic, and environmental factors or processes, which increase the susceptibility of a community to the impact of hazards (from: ISDR). [113]


Vulnerability: The extent to which a community, structure, service, or geographic area is likely to be damaged or disrupted by the impact of a particular hazard. [114]



Senegal

Vulnérabilité: a weakness in a computer system allowing an attacker to undermine the integrity of that system, that is, its normal functioning or the confidentiality or integrity of the data it contains. [115]



Slovakia

Zraniteľnosť: A complex property reflecting the weak points of a system, its reduced resistance to possible disruption of its function, damage or destruction. [116]

It expresses the degree of damage to the system should a dangerous phenomenon occur.

South Africa

Vulnerability can be seen as the ability a person or community has to predict, cope with, or avoid and recover from the consequences of a hazard or disaster. [117]

Marginalised, poorer and over-populated communities are more vulnerable and less able to cope with disasters.

Spain

Vulnerabilidad (Vulnerability): (NATO) A weakness, attribute or lack of control that would allow or facilitate the action of a threat against NATO classified information or the services and resources that support it. [118]


Vulnerabilidad: A weakness that can be exploited by a threat. [119]



Switzerland

A loophole or bug in hardware or software through which attackers can access a system. [120]

(CIIP/ICT-based definition)



Tanzania

Vulnerability: refers to social and material conditions derived from characteristics of individuals and groups that make them susceptible to harm and loss from environmental hazards and that constrain their ability to cope with the adversities of disasters. [121]



Tonga

Vulnerability: The degree of sensitivity to the impact of hazards. [122]




United Arab Emirates

Vulnerability: The susceptibility of a target to be affected by a threat. [123]



United Kingdom (UK)

(cyber) Vulnerability is bugs in software programs that have the potential to be exploited by attackers. [124]


Vulnerability is the degree to which an individual or a system is susceptible to adverse effects. In this context, the adverse effects of climate change, including extreme events. [125]

Vulnerability is influenced by the system’s sensitivity and its adaptive capacity, as well as the magnitude of the change.

Vulnerability is susceptibility of individuals or community, services or infrastructure to damage or harm arising from an emergency or other incident. [126]


Vulnerability: refers to the magnitude of harm that would result from a particular hazardous event. [127]

The concept recognises, for example, that different sub-types of a receptor may differ in their sensitivity to a particular level of hazard.

Vulnerability: A weakness (for example, systematic, procedural, physical or technical) of an asset, or group of assets, that can be exploited by one or more threats. [128]

Bermuda
Vulnerability: bugs in software programmes that have the potential to be exploited by attackers. [129]



United States

DHS
A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given hazard. [130]

NIST
A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [131]

The document provides several definitions.

DoD
Vulnerability:
1. The susceptibility of a nation or military force to any action by any means through which its war potential or combat effectiveness may be reduced or its will to fight diminished. (JP 3-01)
2. The characteristics of a system that cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (man-made) hostile environment. (JP 3-60)
3. In information operations, a weakness in information system security design, procedures, implementation, or internal controls that could be exploited to gain unauthorized access to information or an information system (source: JP 3-13). [132]


US-CERT
Vulnerability: A characteristic of design, location, security posture, operation, or any combination thereof that renders an asset, system, network, or entity susceptible to disruption, destruction, or exploitation. [133]



Vietnam

Khả năng bị tổn thương – Vulnerability: The degree to which a system (natural, social, economic) can be harmed by climate change or is unable to adapt to the adverse impacts of climate change. [134]



Other Definitions

EM-DAT

Vulnerability is the degree of loss (from 0% to 100%) resulting from a potential damaging phenomenon. [135]



Ontario (Canada)

Vulnerability is the susceptibility of a community, system or asset to the damaging effects of a hazard. [136]

Vulnérabilité (vulnerability): the susceptibility of a community, system or asset to suffering the damaging effects of a hazard. [136]


Scotland

Vulnerability is the degree to which a system is susceptible to, and unable to cope with, adverse effects of climate change, including climate variability and extremes. [137]

Vulnerability is a function of the character, magnitude, and rate of climate change and variation to which a system is exposed, its sensitivity, and its adaptive capacity.

Academic

Vulnerability – The degree to which an individual, group or system is susceptible to harm due to exposure to a hazard or stress, and the (in)ability to cope, recover, or fundamentally adapt (become a new system or become extinct). [138]



Standard Definition

IETF

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. [139]


ISO 22300:2012(en)

Intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence. [140]


ISO/IEC 27000:2014

Weakness of an asset or control that can be exploited by one or more threats. [141]


ISO/IEC 29147:2014

Weakness of software, hardware, or online service that can be exploited. [142]


Dictionary

Kwetsbaarheid (vulnerability): A flaw in a digital system through which an attacker can get into the system. The attacker can then reach information or applications in the system without being allowed to. Or the attacker makes sure that the user can no longer reach this information, or can no longer use the application. [143]



References

  1. Directive 2022/2555 Measures for a high common level of security of network and information systems across the Union, repealing Directive (EU) 2016/1148
  2. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
  3. ENISA Risk Glossary
  4. European Climate Adaptation Platform (CLIMATE-ADAPT) Glossary
  5. http://www.ciprnet.eu/
  6. Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
  7. IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
  8. IPCC
  9. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X-800.
  10. Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
  11. Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
  12. NATO EAPC(SCEPC) lexicon 2003.
  13. 2009 UNISDR Terminology on Disaster Risk Reduction - English Glossary
  14. UNISDR glossary in French
  15. UNISDR glossary in Russian
  16. UNISDR glossary in Spanish
  17. UNISDR glossary in Arabic
  18. UNISDR glossary in Bahasa
  19. UNISDR glossary in Malay
  20. UNISDR glossary in Tagalog
  21. UNDRR Terminology on Disaster Risk Reduction in Chinese
  22. Internationally agreed glossary of basic terms related to Disaster Management in Farsi
  23. Internationally agreed glossary of basic terms related to Disaster Management
  24. WHO: Glossary of Humanitarian Terms
  25. Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
  26. Glosario Comites Emergencia Argentina
  27. Protective Security Policy Framework - Glossary Oct 2017
  28. Australian Emergency Management Glossary, Emergency Management Australia (1998)
  29. Health impacts of climate change: Adaptation strategies for western Australia (2008)
  30. ADAPTATION TO CLIMATE CHANGE: KEY TERMS, E. Levina and D. Terpak, OECD (2006) - derived from (Australian Greenhouse Office. 2003)
  31. on-line glossary Stay Safe On-line
  32. NSW Critical Infrastructure Resilience Strategy Partner, Prepare, Provide (2018)
  33. Gegevensbeschermingsautoriteit, https://www.gegevensbeschermingsautoriteit.be/sites/privacycommission/files/documents/nota_beveiliging_van_persoonsgegevens.pdf
  34. RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
  35. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ ABNT NBR ISO 31000:2009: Gestão de riscos - Princípios e diretrizes. Rio de Janeiro (2009)
  36. GLOSSÁRIO DE DEFESA CIVIL ESTUDOS DE RISCOS E MEDICINA DE DESASTRES, Ministério da Integração Nacional, Brazil
  37. CIRT-BF Glossary
  38. LOI N°2010/012 DU 21 DECEMBRE 2010 RELATIVE A LA CYBERSECURITE ET LA CYBERCRIMINALITE AU CAMEROUN
  39. An Emergency Management Framework for Canada (Second Edition)
  40. Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
  41. Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
  42. GUÍA ANÁLISIS DE RIESGOS NATURALES PARA EL ORDENAMIENTO TERRITORIAL Subsecretaría de Desarrollo Regional y Administrativo (SUBDERE) Primera Edición, Junio 2011
  43. Conpes 3854 POLÍTICA NACIONAL DE SEGURIDAD DIGITAL (2016)
  44. Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del Ciberespacio
  45. Výkladový slovník kybernetické bezpečnosti (2013)
  46. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  47. NATIONAL COUNCIL FOR CLIMATE CHANGE AND THE CLEAN DEVELOPMENT MECHANISM -CNCCMDL, Dominican Republic
  48. (Draft) Ley de ciberseguridad
  49. Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
  50. ESWATINI NATIONAL CYBERSECURITY STRATEGY 2020 - 2025 (2020)
  51. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
  52. Changement climatique: glossaire des définitions
  53. ANSSI Glossaire
  54. Revue stratégique de cyberdéfense 12 février 2018
  55. Méthode de classification et mesures principales, ANSSI (2014)
  56. Classification Method and Key Measures, ANSSI (2014)
  57. THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)
  58. Deutsche Anpassungsstrategie an den Klimawandel, Bundeskabinett, 17. Dezember 2008
  59. Combating Climate Change: The German Adaptation Strategy
  60. Methode für die Risikoanalyse im Bevölkerungsschutz
  61. Glossar, Das Bundesamt für Bevölkerungsschutz und Katastrophenhilfe (BBK)
  62. Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
  63. Glossary for Information Security Terms/資訊保安詞彙表
  64. India's DGQA Cyber Security Policy (2015)
  65. Glossary of Meteorological Terms in Tamil
  66. National Disaster Management Plan (NDMP)- (2016)
  67. Building Resilience to Climate Change, Department of the Environment,Community and Local Government (2012)
  68. CERT.IL Glossary
  69. Dipartimento della Protezione Civile Glossario
  70. Dipartimento della Protezione Civile Glossario
  71. PROTEZIONE DELLE INFRASTRUTTURE CRITICHE INFORMATIZZATE La realtà Italiana (2004)
  72. GLOSSARIO DI PROTEZIONE CIVILE Regione Sicilia
  73. Climate Change Policy Framework for Jamaica (2015)
  74. RFC2828 (Japanese translation)
  75. States of Jersey Future-proofing Jersey: Building Resilience for the 21st Century (2015)
  76. The National Climate Change Policy of the Hashemite Kingdom of Jordan 2013-2020
  77. Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
  78. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
  79. Cyber Security Framework Saudi Arabian Monetary Authority Version 1.0 May 2017
  80. Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
  81. Glossary Communication and Information Technology Regulatory
  82. Lebanon Cyber Security Strategy v2
  83. From French Glossary
  84. Glossaire
  85. Stratégie Nationale de Gestion des Risques et des Catastrophes – Madagascar (2014)
  86. Estrategia Nacional de Ciberseguridad (November 2017)
  87. GUÍA PARA LA PRESENTACIÓN DEL ESTUDIO DE RIESGO MODALIDAD ANALISIS DE RIESGO, Mexico
  88. Glosario IPCC, Mexico
  89. El Glosario Centro Nacional de prevencion de desastres (CENAPRED)
  90. STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011
  91. Estratégia Nacional de Segurança Cibernética de Moçambique (2021-2024)
  92. Climate Change and Community Based Adaptation Planning Training Manual, Government of Nepal (2015)
  93. Cyber Security Beeld Nederland 2020
  94. Cyber Security Beeld Nederland 2018
  95. Cybersecuritybeeld Nederland 2016 NCSC, Cyber Security Beeld Nederland 5 (2015)
  96. Handreiking Cybercrime (2012)
  97. National Cyber Security Strategy Nigeria (2014)
  98. DRAFT ACTION PLAN FOR IMPLEMENTATION OF THE NATIONAL CYBERSECURITY STRATEGY 2019
  99. Nasjonal strategi for informasjonssikkerhet (2012)
  100. Cyber Security Strategy for Norway (2012)
  101. DSB, National Risikobild 2014
  102. DSB, National Risk Analysis 2014
  103. Oman CERT Glossary
  104. Glosario de Términos para la Formulación de Proyectos Ambientales, Peru, 2012 / Fuente: Guía de ERA – MINAM
  105. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
  106. NHS Cyber security glossary
  107. USTAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)
  108. Glossário Centro National de Cibersegurança Portugal
  109. Quadro Nacional de Referência para a Cibersegurança
  110. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
  111. GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
  112. BASELINE CLIMATE CHANGE VULNERABILITY INDEX FOR RWANDA 2015
  113. Disaster Risk Reduction Country Profile for Saint Lucia: August 2012
  114. Government of Saint Lucia Disaster Management Policy Framework for Saint Lucia, 2004
  115. STRATÉGIE NATIONALE DE CYBERSÉCURITÉ DU SÉNÉGAL (SNC2022)
  116. BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY
  117. Disaster Management Definitions Western Cape Government
  118. CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)
  119. CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)
  120. Melani Glossary (n.d.)
  121. United Republic of Tanzania Guidelines for Management of Environmental Emergencies 2014
  122. Tonga climate change ministry glossary
  123. Abu Dhabi Safety and Security Planning Manual
  124. National Cyber Security Strategy 2016, HM Government
  125. Cabinet Office, Lexicon of UK Civil Protection Terminology, Version 2.1.1, February 2013
  126. UK Civil Protection Lexicon 2013
  127. ADAPTATION TO CLIMATE CHANGE: KEY TERMS, E. Levina and D. Terpak, OECD (2006) - derived from (UKCIP, 2003).
  128. Code of Practice Cyber Security for Ships, DSTL (2017)
  129. National Cyber Security Strategy 2018-2022
  130. DHS Risk Lexicon 2010 Edition, September 2010
  131. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
  132. Joint Publication 1-02: Department of Defense Dictionary of Military and Associated Terms (2016)
  133. Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
  134. Văn phòng thuộc Ban chỉ đạo Ứng phó biến đổi khí hậu và nước biển dâng thành phố Đà Nẵng/Các khái niệm, thuật ngữ về biến đổi khí hậu
  135. EM-DAT disaster database glossary
  136. Province of Ontario’s Emergency Management Glossary of Terms
  137. Preparing for a Changing Climate: Second Consultation to Inform Scotland's Climate Change Adaptation Framework
  138. ADAPTATION TO CLIMATE CHANGE: KEY TERMS, E. Levina and D. Terpak, OECD (2006) - derived from (Tompkins, E., 2005)
  139. IETF RFC 4949, Internet Security Glossary, Version 2
  140. ISO 22300:2012(en) Societal security — Terminology
  141. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  142. ISO/IEC 29147:2014, Information technology -- Security techniques -- Vulnerability disclosure
  143. Cybersecurity Woordenboek 2021
