Difference between revisions of "Threat"
(→Turkey) |
(→Turkey) |
||
(47 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
{{definition|The [[likelihood]] of occurrence of a [[hazard]] or [[event]] with a harmful [[effect]]. In contrast to [[risk]], a threat is not related to the [[impact]] it may cause. In the context of public health, a [[threat]] is defined as a substance, condition or [[event]], which by its presence has the potential to rapidly [[harm]] an exposed population, sufficiently lead to a major [[crisis]]. <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}} | {{definition|The [[likelihood]] of occurrence of a [[hazard]] or [[event]] with a harmful [[effect]]. In contrast to [[risk]], a threat is not related to the [[impact]] it may cause. In the context of public health, a [[threat]] is defined as a substance, condition or [[event]], which by its presence has the potential to rapidly [[harm]] an exposed population, sufficiently lead to a major [[crisis]]. <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}} | ||
<br /> | <br /> | ||
+ | |||
+ | {{definition|''Cyber'' threat means any potential circumstance, [[event]] or action that could damage, disrupt or otherwise adversely impact network and information systems, the users of such systems and other persons. <ref>[https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:PE_86_2018_REV_1&from=EN law and publications EUR-Lex EUR-Lex - 2017/0225 (COD) LEX 1899 - EN]</ref>}}<br/> | ||
====[[ENISA]]==== | ====[[ENISA]]==== | ||
{{definition|Threat is any circumstance or [[event]] with the potential to adversely impact an [[asset]] through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br /> | {{definition|Threat is any circumstance or [[event]] with the potential to adversely impact an [[asset]] through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br /> | ||
+ | |||
=== European Project Definitions === | === European Project Definitions === | ||
==== CIPRNet project ==== | ==== CIPRNet project ==== | ||
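Review bot: In the added ''Cyber'' threat definition, the reference label "law and publications EUR-Lex EUR-Lex - 2017/0225 (COD) LEX 1899 - EN" reads like a pasted page title rather than a citation. Replace it with the title and year of the legal act, in the same style as the neighbouring "European Commission's CBRN Glossary, 2012" and "ENISA Risk Glossary" labels, so the source can be identified without following the link.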
Line 38: | Line 41: | ||
==== [[Argentina]] ==== | ==== [[Argentina]] ==== | ||
{{definition|Amenaza: Una causa potencial de un [[Incident|incidente]] no deseado, el cual puede ocasionar daños a un sistema u organización. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}<br/><br/> | {{definition|Amenaza: Una causa potencial de un [[Incident|incidente]] no deseado, el cual puede ocasionar daños a un sistema u organización. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}<br/><br/> | ||
+ | ==== [[Australia]] ==== | ||
+ | {{definition|Threat: A source of [[harm]] that is deliberate or has intent to do harm. <ref>[https://www.protectivesecurity.gov.au/resources/Pages/PSPF-Glossary-of-terms.aspx Protective Security Policy Framework - Glossary Oct 2017]</ref>}} | ||
+ | ===== [[New South Wales]]===== | ||
+ | {{definition|Threat: A [[hazard]], usually man-made, that deliberately disrupts [[Critical Infrastructure|critical infrastructure]] service provision. <ref>[https://www.emergency.nsw.gov.au/Documents/publications/policies/NSW%20Critical%20Infrastructure%20Resilience%20Strategy%202018.pdf NSW Critical Infrastructure Resilience Strategy Partner, Prepare, Provide (2018) ]</ref>}}<br/> | ||
+ | |||
==== [[Bosnia and Herzegovina]] ==== | ==== [[Bosnia and Herzegovina]] ==== | ||
{{definition|Pretnja je potencijalni štetni fizički događaj, fenomen ili aktivnost namjernog/zlonamjernog karaktera. <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122015.pdf RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama]</ref>}}<br/><br/> | {{definition|Pretnja je potencijalni štetni fizički događaj, fenomen ili aktivnost namjernog/zlonamjernog karaktera. <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122015.pdf RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama]</ref>}}<br/><br/> | ||
Line 51: | Line 59: | ||
==== [[Colombia]] ==== | ==== [[Colombia]] ==== | ||
− | {{definition|Amenaza: Violación potencial de la seguridad (Potential violation of safety) <ref>[https://www.unodc.org/res/cld/lessons-learned/col/lineamientos-de-politica-para-ciberseguridad-y-ciberdefensa_html/Lineamientos_de_politica_para_ciberseguridad_y_ciberdefensa.pdf Lineamientos de política para ciberseguridad y ciberdefensa (2011)]</ref><br/><br/>Amenaza informática: La aparición de una situación potencial o actual donde un agente tiene la capacidad de generar una agresión cibernética contra la población, el territorio y la organización política del Estado (Ministerio de Defensa de Colombia)}} | + | {{definition|Amenaza: Violación potencial de la seguridad (Potential violation of safety) <ref>[https://www.unodc.org/res/cld/lessons-learned/col/lineamientos-de-politica-para-ciberseguridad-y-ciberdefensa_html/Lineamientos_de_politica_para_ciberseguridad_y_ciberdefensa.pdf Lineamientos de política para ciberseguridad y ciberdefensa (2011)]</ref><br/><br/>Amenaza informática: La aparición de una situación potencial o actual donde un agente tiene la capacidad de generar una agresión cibernética contra la población, el territorio y la organización política del Estado (Ministerio de Defensa de Colombia)<br/><br/>Translation: A threat generally is a circumstance or event through which harm can occur. }}The harm refers to a specific value such as financial assets, knowledge, items, or health.<br/><br/> |
− | <br /><br/> | ||
====[[Czech Republic]]==== | ====[[Czech Republic]]==== | ||
− | {{definition|Potenciální příčina nechtěného incidentu, jehož výsledkem může být poškození systému nebo organizace. <ref>[http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Potential cause of an unwanted incident which may result in damage to a system or organization. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}} | + | {{definition|Hrozba: Potenciální příčina nechtěného incidentu, jehož výsledkem může být poškození systému nebo organizace. <ref>[http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Threat: Potential cause of an unwanted incident which may result in damage to a system or organization. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}} |
<br /><br/> | <br /><br/> | ||
+ | |||
====[[Egypt]] ==== | ====[[Egypt]] ==== | ||
{{definition|Threat: Capabilities, intentions, and attack methods of adversaries to exploit, or any circumstance or [[event]] with the potential to cause harm to, information or an information system. <ref name=Egypt>[http://old.tra.gov.eg/glossary/t.pdf Glossary of the National Telecom Authority (NTA), Egypt]</ref>}}<br /><br/> | {{definition|Threat: Capabilities, intentions, and attack methods of adversaries to exploit, or any circumstance or [[event]] with the potential to cause harm to, information or an information system. <ref name=Egypt>[http://old.tra.gov.eg/glossary/t.pdf Glossary of the National Telecom Authority (NTA), Egypt]</ref>}}<br /><br/> | ||
==== [[El Salvador]] ==== | ==== [[El Salvador]] ==== | ||
+ | {{definition|Amenaza: Cualquier cosa, persona, hecho o acontecimiento que constituye una posible causa de riesgo o perjuicio para alguien o algo. <ref>[https://consulta.innovacion.gob.sv/legislation/processes/13/draft_versions/31 (Draft) Ley de ciberseguridad]</ref>}}<br/> | ||
{{definition|Amenaza (Hazard): Peligro latente que representa la posible manifestación dentro de un período de tiempo y en un territorio particular de un fenómeno de origen natural, socio-natural o antropogénico, que puede producir efectos adversos en las personas, la producción, la infraestructura, los bienes y servicios y el ambiente. <ref>[http://www.marn.gob.sv/glosario-de-riesgo/ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador]</ref>}}Es un factor de riesgo externo de un elemento o grupo de elementos expuestos, que se expresa como la probabilidad de que un evento se presente con una cierta intensidad, en un sitio especifico y en dentro de un periodo de tiempo definido.<br/><br/> | {{definition|Amenaza (Hazard): Peligro latente que representa la posible manifestación dentro de un período de tiempo y en un territorio particular de un fenómeno de origen natural, socio-natural o antropogénico, que puede producir efectos adversos en las personas, la producción, la infraestructura, los bienes y servicios y el ambiente. <ref>[http://www.marn.gob.sv/glosario-de-riesgo/ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador]</ref>}}Es un factor de riesgo externo de un elemento o grupo de elementos expuestos, que se expresa como la probabilidad de que un evento se presente con una cierta intensidad, en un sitio especifico y en dentro de un periodo de tiempo definido.<br/><br/> | ||
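Review bot: The "Translation:" text added to the Colombia entry does not translate either Spanish definition above it. "A threat generally is a circumstance or event through which harm can occur", together with the trailing sentence about "financial assets, knowledge, items, or health", matches the German BSI wording ("Eine Bedrohung ist ganz allgemein ein Umstand oder Ereignis, durch den oder das ein Schaden entstehen kann ... Vermögen, Wissen, Gegenstände oder Gesundheit"). It belongs in the Germany entry. The Colombia entry should instead carry a translation of "Amenaza informática", whose source (Ministerio de Defensa de Colombia) is currently named only in parentheses and has no <ref>.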
Line 69: | Line 78: | ||
<big> | <big> | ||
A non-official translation is the following:</big> | A non-official translation is the following:</big> | ||
− | {{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /><br/> | + | {{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /> |
+ | {{definition|Menace: Cause potentielle d’un incident indésirable, qui peut nuire à un système ou à une organisation. <ref>[https://www.ssi.gouv.fr/uploads/2014/01/securite_industrielle_GT_methode_classification-principales_mesures.pdf Méthode de classification et mesures principales, ANSSI (2014)]</ref><br/><br/>Threat: Potential cause of an undesirable incident, which may harm a system or organisation. <ref>[https://www.ssi.gouv.fr/uploads/2014/01/industrial_security_WG_Classification_Method.pdf Classification Method and Key Measures, ANSSI (2014)]</ref>}}<br/><br/> | ||
+ | |||
==== [[Germany]] ==== | ==== [[Germany]] ==== | ||
{{definition|Eine Bedrohung ist ganz allgemein ein Umstand oder Ereignis, durch den oder das ein Schaden entstehen kann. <ref>[https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/Glossar/glossar_node.html Glossar und Begriffsdefinitionen BSI]</ref>}} Der Schaden bezieht sich dabei auf einen konkreten Wert wie Vermögen, Wissen, Gegenstände oder Gesundheit. Übertragen in die Welt der Informationstechnik ist eine Bedrohung ein Umstand oder Ereignis, der oder das die Verfügbarkeit, Integrität oder Vertraulichkeit von Informationen beeinträchtigen kann, wodurch dem Besitzer bzw. Benutzer der Informationen ein Schaden entstehen kann. Beispiele für Bedrohungen sind höhere Gewalt, menschliche Fehlhandlungen, technisches Versagen oder vorsätzliche Handlungen. Trifft eine Bedrohung auf eine Schwachstelle (insbesondere technische oder organisatorische Mängel), so entsteht eine Gefährdung.<br/> | {{definition|Eine Bedrohung ist ganz allgemein ein Umstand oder Ereignis, durch den oder das ein Schaden entstehen kann. <ref>[https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/Glossar/glossar_node.html Glossar und Begriffsdefinitionen BSI]</ref>}} Der Schaden bezieht sich dabei auf einen konkreten Wert wie Vermögen, Wissen, Gegenstände oder Gesundheit. Übertragen in die Welt der Informationstechnik ist eine Bedrohung ein Umstand oder Ereignis, der oder das die Verfügbarkeit, Integrität oder Vertraulichkeit von Informationen beeinträchtigen kann, wodurch dem Besitzer bzw. Benutzer der Informationen ein Schaden entstehen kann. Beispiele für Bedrohungen sind höhere Gewalt, menschliche Fehlhandlungen, technisches Versagen oder vorsätzliche Handlungen. Trifft eine Bedrohung auf eine Schwachstelle (insbesondere technische oder organisatorische Mängel), so entsteht eine Gefährdung.<br/> | ||
Line 77: | Line 88: | ||
{{definition|Amenaza: Fenómeno intencional generado por el poder de otro Estado, o por agentes no estatales, cuya característica es la integración de la capacidad y voluntad hostil que pone en peligro de vulneración particularmente grave, a los intereses y objetivos nacionales, en parte o en todo el país que cuestiona la existencia del mismo Estado. <ref>[http://stcns.gob.gt/docs/2016/Plan_Estrategico/PESN%202016-2020.pdf Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala]</ref>}}<br/> | {{definition|Amenaza: Fenómeno intencional generado por el poder de otro Estado, o por agentes no estatales, cuya característica es la integración de la capacidad y voluntad hostil que pone en peligro de vulneración particularmente grave, a los intereses y objetivos nacionales, en parte o en todo el país que cuestiona la existencia del mismo Estado. <ref>[http://stcns.gob.gt/docs/2016/Plan_Estrategico/PESN%202016-2020.pdf Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala]</ref>}}<br/> | ||
{{definition|Amenaza: Fenómeno o evento potencialmente destructor o peligroso, de origen natural o producido por la actividad humana (antrópico), que puede causar muertes, lesiones, epidemias, daños materiales, interrupción de la actividad social y económica, degradación ambiental y amenazar los medios de subsistencia de una comunidad o territorio en un determinado período de tiempo. <ref>[http://www.conred.gob.gt/www/documentos/planes/PLANNACGESTION-INTEGRAL-DEL-RIESGO-TEMPORADA-DESC-TEMPERATURA-2015-16.pdf PLAN NACIONAL DE GESTIÓN INTEGRAL DEL RIESGO POR LA TEMPORADA DE DESCENSO DE TEMPERATURA EN LA REPÚBLICA DE GUATEMALA 2015-2016, Guatemala]</ref>}}<br/><br/> | {{definition|Amenaza: Fenómeno o evento potencialmente destructor o peligroso, de origen natural o producido por la actividad humana (antrópico), que puede causar muertes, lesiones, epidemias, daños materiales, interrupción de la actividad social y económica, degradación ambiental y amenazar los medios de subsistencia de una comunidad o territorio en un determinado período de tiempo. <ref>[http://www.conred.gob.gt/www/documentos/planes/PLANNACGESTION-INTEGRAL-DEL-RIESGO-TEMPORADA-DESC-TEMPERATURA-2015-16.pdf PLAN NACIONAL DE GESTIÓN INTEGRAL DEL RIESGO POR LA TEMPORADA DE DESCENSO DE TEMPERATURA EN LA REPÚBLICA DE GUATEMALA 2015-2016, Guatemala]</ref>}}<br/><br/> | ||
+ | ====[[Haiti]]==== | ||
+ | {{definition|Menace: C’est une action réelle ou une manifestation que formule un acteur ou des acteurs, dans l’objectif de signifier à un autre ou à d’autres, la capacité ou l’intention d’occasionner un effet négatif à ses biens ou intérêts. Elle implique l’existence d’une volonté de causer un dommage aux biens ou intérêts d’autrui. <ref>[http://www.md.gouv.ht/Livre_Blanc.pdf LIVRE BLANC SUR LA SÉCURITÉ ET LA DÉFENSE NATIONALE POUR LE DÉVELOPPEMENT ÉCONOMIQUE ET SOCIAL DURABLE D’HAÏTI, Juin 2015]</ref>}}<br /><br/> | ||
+ | |||
+ | ==== [[Hong Kong]] ==== | ||
+ | {{definition|威脅 : 可能對機構及其資產有害的潛在保安因素。 <br/><br/>Threat: A potential violation of security that may cause harm to an organisation and its [[Asset|assets]]. <ref>[https://www.infosec.gov.hk/english/glossary/files/InfoSecGlossary_eng.pdf Glossary for Information Security Terms/資訊保安詞彙表] </ref>}}<br/><br/> | ||
====[[India]]==== | ====[[India]]==== | ||
Line 84: | Line 100: | ||
====[[Kingdom of Saudi Arabia]]==== | ====[[Kingdom of Saudi Arabia]]==== | ||
− | {{definition|Threat is an agent that exploits security vulnerabilities and risks. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} | + | {{definition|Threat is an agent that exploits security vulnerabilities and risks. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}}<br/><br/> |
− | <br /><br/> | + | ==== [[Lebanon]]==== |
+ | {{definition|Threat: Any circumstance or event with the potential to adversely impact an asset through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. <ref>[http://pcm.gov.lb/Library/Files/LRF/tamim/Strategie_Liban_Cyber_EN_V20_Lg.pdf Lebanon Cyber Security Strategy v2]</ref>}}<br/> | ||
+ | |||
+ | ==== [[Mexico]] ==== | ||
+ | {{definition|Amenaza(s): Cualquier posible acto que puedacausaralgúntipodedañoalosactivosde información de las dependencias o entidades de la APF, los Poderes Legislativo y Judicial, los órganos constitucionales autónomos, las empresas productivas del Estado, los Gobiernos Estatales, Municipales y Delegacionales, así como los particulares. <ref>[https://www.gob.mx/cms/uploads/attachment/file/271884/Estrategia_Nacional_Ciberseguridad.pdf Estragia Nacional de Ciberseguridad (November 2017)]</ref>}}<br/> | ||
+ | {{definition|Amenaza: Peligro latente que representa la probable manifestación de un fenómeno físico de origen natural, socio-natural o antropogénico, que se anticipa puede producir efectos adversos en las personas, la producción, la infraestructura y los bienes y servicios. <ref>[http://www.atlasnacionalderiesgos.gob.mx/apps/IGOPP/glosario.php El Glosario Centro Nacional de prevencion de desastres (CENAPRED)]</ref>}} Es un factor de riesgo físico externo a un elemento o grupo de elementos sociales expuestos, que se expresa como la probabilidad de que un fenómeno se presente con una cierta intensidad, en un sitio especifico y dentro de un periodo de tiempo definido.<br/><br/> | ||
+ | |||
+ | ==== [[Morocco]] ==== | ||
+ | {{definition|Menace: Cause potentielle d’un incident indésirable, pouvant entraîner des dommages au sein d’un système ou d’une entité. <ref>[http://www.dgssi.gov.ma/uploads/media/DIRECTIVE_NATIONALE_DE_LA_SECURITE_DES_SYSTEMES_D_INFORMATION.pdf DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Marocco 2013]</ref>}}<br/><br/> | ||
==== [[Netherlands]]==== | ==== [[Netherlands]]==== | ||
+ | {{definition|Cyber threat: Cyberdreiging is een cyberincident dat zich kan voordoen of een combinatie van gelijktijdige of opeenvolgende cyberincidenten. <ref>[https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2020/juni/29/csbn-2020/CSBN+2020.pdf Cyber Security Beeld Nederland 2020]</ref>}}<br/> | ||
{{definition|A threat is an [[event]] or a process which potentially can lead to an [[incident]].<br/><br/>Een gebeurtenis of een proces die in potentie tot een incident kan leiden. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref><br/><br/>Het hogere doel (intentie) kan zijn het verstevigen van de concurrentiepositie; politiek/landelijk gewin, maatschappelijke ontwrichting of levensbedreiging. <ref>[https://www.ncsc.nl/binaries/content/documents/ncsc-nl/actueel/cybersecuritybeeld-nederland/cybersecuritybeeld-nederland-5/1/CSBN5.pdf NCSC, Cyber Security Beeld Nederland 5 (2015)]</ref>}}<br /><br/> | {{definition|A threat is an [[event]] or a process which potentially can lead to an [[incident]].<br/><br/>Een gebeurtenis of een proces die in potentie tot een incident kan leiden. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref><br/><br/>Het hogere doel (intentie) kan zijn het verstevigen van de concurrentiepositie; politiek/landelijk gewin, maatschappelijke ontwrichting of levensbedreiging. <ref>[https://www.ncsc.nl/binaries/content/documents/ncsc-nl/actueel/cybersecuritybeeld-nederland/cybersecuritybeeld-nederland-5/1/CSBN5.pdf NCSC, Cyber Security Beeld Nederland 5 (2015)]</ref>}}<br /><br/> | ||
+ | {{definition|Dreiging (threat): Een potentiële oorzaak voor het optreden van een ongewenst incident die kan leiden tot schade aan een object, systeem of de organisatie. <ref>[https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2020/juni/29/csbn-2020/CSBN+2020.pdf Cyber Security Beeld Nederland 2020]</ref> <ref>[https://kennisopenbaarbestuur.nl/media/53867/handreiking-cybercrime.pdf Handreiking Cybercrime (2012)]</ref>}}<br/><br/> | ||
− | + | {{definition|Amenaza: Signo o indicio que anuncia un peligro. Acción o evento susceptible de producirse, transformarse en agresión contra un entorno o unos recursos y actuar en detrimento de su seguridad Fuente: Guía de Ciberseguridad para los países en desarrollo. <ref>[http://legislacion.asamblea.gob.ni/normaweb.nsf/b92aaea87dac762406257265005d21f7/bed236921a6bc847062585f30068db3e DE APROBACIÓN DE LA “ESTRATEGIA NACIONAL DE CIBERSEGURIDAD 2020-2025” (asamblea.gob.ni)]</ref>}}<br/> | |
− | {{definition| | ||
==== [[Norway]] ==== | ==== [[Norway]] ==== | ||
{{definition|Trusselaktør: entitet som utgjør en reell eller potensiell trussel mot et identifiserbart mål eller i en avgrenset og identifiserbar sammenheng. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/nasjonal_strategi_infosikkerhet.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref><br /><br/>Threat: an entity that constitutes a real or potential threat to an identifiable goal or in a limited and identifiable context. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/cyber_security_strategy_norway.pdf Cyber Security Strategy for Norway (2012)]</ref>}}<br /><br/> | {{definition|Trusselaktør: entitet som utgjør en reell eller potensiell trussel mot et identifiserbart mål eller i en avgrenset og identifiserbar sammenheng. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/nasjonal_strategi_infosikkerhet.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref><br /><br/>Threat: an entity that constitutes a real or potential threat to an identifiable goal or in a limited and identifiable context. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/cyber_security_strategy_norway.pdf Cyber Security Strategy for Norway (2012)]</ref>}}<br /><br/> | ||
+ | |||
====[[Oman]]==== | ====[[Oman]]==== | ||
{{definition|Threa": A potential for violation of security, which exists when there is a circumstance, capability, action, or [[event]] that could breach security and cause [[harm]]. <ref>[http://www.cert.gov.om/library_information_glossary.aspx Oman CERT Glossary]</ref>}}<br /><br/> | {{definition|Threa": A potential for violation of security, which exists when there is a circumstance, capability, action, or [[event]] that could breach security and cause [[harm]]. <ref>[http://www.cert.gov.om/library_information_glossary.aspx Oman CERT Glossary]</ref>}}<br /><br/> | ||
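Review bot: The first definition added under Mexico has lost its word spacing ("puedacausaralgúntipodedañoalosactivosde"), most likely from a PDF copy, and should be re-spaced against the cited strategy document. The reference labels in the same hunk also contain typos: "Estragia Nacional de Ciberseguridad" and, under Morocco, "Marocco 2013". In the lines shown, the added Spanish definition cited to asamblea.gob.ni follows the Netherlands entries directly and precedes the Norway heading with no country heading of its own; it needs one so that it is not read as a Dutch definition.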
Line 99: | Line 125: | ||
{{definition|Cyber threats are [[Event|events]], situations and conditions that tend to reduce, degrade and destroy digital infrastructures. <ref>[https://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Philippine_2005_National%20Cyber%20Security%20Plan%202005.pdf Philippine National Cyber Security Plan 2005]</ref>}}<br /> | {{definition|Cyber threats are [[Event|events]], situations and conditions that tend to reduce, degrade and destroy digital infrastructures. <ref>[https://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Philippine_2005_National%20Cyber%20Security%20Plan%202005.pdf Philippine National Cyber Security Plan 2005]</ref>}}<br /> | ||
{{definition|Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> | {{definition|Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> | ||
− | {{definition|Threat: The potential for a threat-source to successfully exploit particular information system vulnerability. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/> | + | {{definition|Threat: The potential for a threat-source to successfully exploit particular information system vulnerability. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> |
+ | {{definition|Threat: A possible danger that might exploit a vulnerability to breach security and therefore cause possible harm. <ref>[https://digital.nhs.uk/services/data-and-cyber-security-protecting-information-and-data-in-health-and-care/cyber-and-data-security-policy-and-good-practice-in-health-and-care/cyber-and-data-security-resources/cyber-security-glossary NHS Cyber security glossary]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Poland]] ==== | ||
+ | {{definition|Zagrożenie ([[Cyber Security|cyberbezpieczeństwa]]) – potencjalną przyczynę [[Incident|incydentu]]. <ref name=Poland>[http://bip.kprm.gov.pl/download/75/30991/RM-10-64-18.pdf U S TAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)]</ref>}}<br /> | ||
+ | |||
====[[Portugal]] ==== | ====[[Portugal]] ==== | ||
− | {{definition|[Definição] Ameaça: Causa potencial de incidente indesejável que pode resultar em danos para uma organização ou qualquer dos sistemas por ela utilizados. Estas ameaças podem ser acidentais ou deliberadas (com dolo) e caracterizam-se por elementos ameaçadores, alvos potenciais e métodos de ataque. <ref>[https://www.cncs.gov.pt/recursos/glossario/ Glossário Centro National de Cibersegurança Portugal]</ref>}}<br /><br/> | + | {{definition|[Definição] Ameaça: Causa potencial de incidente indesejável que pode resultar em danos para uma organização ou qualquer dos sistemas por ela utilizados. Estas ameaças podem ser acidentais ou deliberadas (com dolo) e caracterizam-se por elementos ameaçadores, alvos potenciais e métodos de ataque. <ref>[https://www.cncs.gov.pt/recursos/glossario/ Glossário Centro National de Cibersegurança Portugal]</ref>}}<br/> |
+ | {{definition|[Definição] Ameaça: Potencial causa de um incidente indesejado, que pode provocar danos a um sistema, indivíduo ou organização. <ref>[https://www.cncs.gov.pt/content/files/cncs_qnrcs_2019.pdf Quadro Nacional de Referência para a Cibersegurança]</ref>}}<br/><br/> | ||
==== [[Republic of Trinidad & Tobago]] ==== | ==== [[Republic of Trinidad & Tobago]] ==== | ||
{{definition|A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br /><br/> | {{definition|A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br /><br/> | ||
+ | ====[[Singapore]]==== | ||
+ | {{definition|A man-made or natural situation or condition that can cause disruption to an organization’s operations or services. <ref>Singapore Standard SS 540: 2008 on Business Continuity</ref>}}<br /><br/> | ||
==== [[Slovakia]] ==== | ==== [[Slovakia]] ==== | ||
{{definition|Ohrozenie: Stav systému, ktorý vzniká a trvá v dôsledku existencie a uvedomenia si potenciálneho narušenia jeho rovnovážneho stavu. Je to aktivizované riziko, ktoré pôsobí proti záujmom subjektu, a konkrétnej situácie, ktoré bezprostredne znemožňujú naplnenie jeho záujmov. <ref>[http://archiv.vlada.gov.sk/old.uv/data/files/2365.doc BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY]</ref>}}<br/><br/> | {{definition|Ohrozenie: Stav systému, ktorý vzniká a trvá v dôsledku existencie a uvedomenia si potenciálneho narušenia jeho rovnovážneho stavu. Je to aktivizované riziko, ktoré pôsobí proti záujmom subjektu, a konkrétnej situácie, ktoré bezprostredne znemožňujú naplnenie jeho záujmov. <ref>[http://archiv.vlada.gov.sk/old.uv/data/files/2365.doc BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY]</ref>}}<br/><br/> | ||
− | ====[[ | + | ==== [[South Africa]] ==== |
− | {{definition| | + | {{definition|‘‘isenzo esinobungozi’’ kungaba sisenzo esilulwaphulo-mthetho, sobugrogrisi, okanye esenzeke ngengozi, okanye ukungenziwa kwesenzo ebesimele senziwe ukuthintela ulwaphulo-mthetho, ubugrogrisi okanye ukwenzeka kwento ngengozi, okunokuthi kubangele umonakalo okanye ukulahlekelwa ziziseko ezibalulekileyo ezingundoqo okanye kubangele ukungakwazi ukunika iinkonzo ezisisiseko zoluntu, kwaye lisengaquka intlekele yendalo enokubangela ukuba sisisulu kweziseko ezibalulekileyo ezingundoqo<br/><br/>‘‘threat’’ includes any action or omission of a criminal, terrorist or accidental nature which may potentially cause damage, harm or loss to critical infrastructure or interfere with the ability or availability of critical infrastructure to deliver basic public services, and may involve any natural hazard which is likely to increase the vulnerability of critical infrastructure to such action or omission. <ref>[https://www.gov.za/sites/default/files/gcis_document/201911/4286628-11act8of2019criticalinfraprotectact.pdf Act No. 8 of 2019: Critical Infrastructure Protection Act, 2019]</ref>}}<br/><br/> |
+ | |||
+ | ==== [[Spain]] ==== | ||
+ | {{definition|Amenaza (Threat): La posibilidad de compromiso, pérdida o robo de información clasificada OTAN o de servicios y recursos que la soportan. <ref>[https://publicaciones.defensa.gob.es/media/downloadable/files/links/c/e/ce_149.pdf CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)]</ref>}}Una amenaza puede ser definida por su origen, motivación o resultado y puede ser deliberada o accidental, violenta o subrepticia, externa o interna.<br/><br/> | ||
==== [[Switzerland]]==== | ==== [[Switzerland]]==== | ||
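Review bot: in the added Spain entry, the sentence "Una amenaza puede ser definida por su origen, motivación o resultado ..." sits after the closing `}}` of the definition template and after the `<ref>`, so it renders outside the definition box and carries no citation. If it comes from the same Ministerio de Defensa document, move it inside the template ahead of the `<ref>`; otherwise give it its own reference. The added South Africa entry also places two language versions of the Act's definition in one template without saying which language the first is; a short language label before each version would help readers.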
Line 114: | Line 151: | ||
Die Gefährdung entspricht daher einem potentiellen Ereignis oder einer potentiellen Entwicklung mit möglichen Auswirkungen für ein Schutzgut.<br/><br/> | Die Gefährdung entspricht daher einem potentiellen Ereignis oder einer potentiellen Entwicklung mit möglichen Auswirkungen für ein Schutzgut.<br/><br/> | ||
− | ==== [[ | + | ==== [[Türkiye]]==== |
{{definition|Tehdit: Bir kurumun veya sistemin zarar görmesi ile sonuçlanabilecek istenmeyen bir olayın potansiyel nedenini <ref>[http://www.udhb.gov.tr/doc/siberg/2016-2019guvenlik.pdf 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (Sept. 2016)]</ref><br/><br/>Threat: The potential cause of an incident that may cause damage to an institution or system. <ref>[http://www.udhb.gov.tr/doc/siberg/UlusalSibereng.pdf Turkey's National Cyber Security Strategy 2016-2019 (2016)]</ref>}}<br/><br/> | {{definition|Tehdit: Bir kurumun veya sistemin zarar görmesi ile sonuçlanabilecek istenmeyen bir olayın potansiyel nedenini <ref>[http://www.udhb.gov.tr/doc/siberg/2016-2019guvenlik.pdf 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (Sept. 2016)]</ref><br/><br/>Threat: The potential cause of an incident that may cause damage to an institution or system. <ref>[http://www.udhb.gov.tr/doc/siberg/UlusalSibereng.pdf Turkey's National Cyber Security Strategy 2016-2019 (2016)]</ref>}}<br/><br/> | ||
Line 121: | Line 158: | ||
====[[United Kingdom|United Kingdom (UK)]]==== | ====[[United Kingdom|United Kingdom (UK)]]==== | ||
− | {{definition|Threat is the intent and capacity to cause loss of life or create adverse [[consequence]]s to human welfare (including property and the supply of [[Vital Services|essential services]] and commodities), the environment or [[security]]. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /><br/> | + | {{definition|Threat is the intent and capacity to cause loss of life or create adverse [[consequence]]s to human welfare (including property and the supply of [[Vital Services|essential services]] and commodities), the environment or [[security]]. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}}<br/> |
+ | {{definition|Threat: A potential cause of an [[Incident|incident]] or hazardous situation that may result in harm to an [[Asset|asset]], person, system or organization. <ref>[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/642598/cyber-security-code-of-practice-for-ships.pdf Code of Practice Cyber Security for Ships, DSTL (2017)]</ref>}}<br/> | ||
==== [[United States]] ==== | ==== [[United States]] ==== | ||
Line 128: | Line 166: | ||
=====[[NIST]]===== | =====[[NIST]]===== | ||
− | {{definition|Any circumstance or event with the potential to adversely [[impact]] organizational operations (including mission, functions, image, or reputation), organizational [[Asset|assets]], individuals, other organizations, or the Nation through an information system via unauthorized access,destruction, disclosure, modification of information, and/or denial of service. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} <br /> | + | {{definition|Any circumstance or [[event]] with the potential to adversely [[impact]] organizational operations (including mission, functions, image, or reputation), organizational [[Asset|assets]], individuals, other organizations, or the Nation through an information system via unauthorized access,destruction, disclosure, modification of information, and/or denial of service. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} <br /> |
{{definition|'''Advanced Persistent Threat''' (APT): An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}} | {{definition|'''Advanced Persistent Threat''' (APT): An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}} | ||
These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. | These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. | ||
<br/><br/> | <br/><br/> | ||
+ | =====[[US-CERT]]===== | ||
+ | {{definition|Threat: The combination of a [[vulnerability]], a threat actor, a motive (if the threat actor is a person or persons), and the potential to produce a harmful outcome for the organization. <ref name="USCERT">[https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)]</ref>}}<br /> | ||
==== [[Uruguay]]==== | ==== [[Uruguay]]==== | ||
{{definition|Amenaza: Causa potencial de un [[Incident|incidente]] indeseado que puede dar lugar a la perdida de la seguridad de la información. <ref>[https://www.cert.uy/inicio/sobre_seguridad/glosario/ Glossary CERTuy]</ref>}}<br/><br/> | {{definition|Amenaza: Causa potencial de un [[Incident|incidente]] indeseado que puede dar lugar a la perdida de la seguridad de la información. <ref>[https://www.cert.uy/inicio/sobre_seguridad/glosario/ Glossary CERTuy]</ref>}}<br/><br/> | ||
+ | ====[[Venezuela]]==== | ||
+ | {{definition|Amenaza: Factor externo de riesgo, representado por la potencial ocurrencia de un suceso de origen natural o generado por el ser humano, que puede manifestarse en un lugar especifico, con una intensidad y duración determinada. <ref>[http://www.intt.gob.ve/repositorio/biblioteca/educacion_y_seguridad_vial/glosario%20de%20terminos%202013.pdf GLOSARIO DE TÉRMINOS EDUCACIÓN Y SEGURIDAD VÍAL]</ref>}}<br /><br/> | ||
===Other Definitions=== | ===Other Definitions=== | ||
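Review bot: the NIST line is edited here only to link [[event]], but it still reads "unauthorized access,destruction" with no space after the comma; fix that while the line is being touched. The same line keeps the trailing `}} <br />` spacing, while the new US-CERT and Venezuela entries use `}}<br />` and `}}<br /><br/>`; pick one break convention for the section so the spacing between definition boxes is uniform.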
Line 142: | Line 184: | ||
=== Standard Definitions === | === Standard Definitions === | ||
====[[IETF]]==== | ====[[IETF]]==== | ||
− | {{definition|A potential for violation of [[security]], which exists when there is an entity, circumstance, [[capability]], action, or [[event]] that could cause [[harm]]. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br /> | + | {{definition|A potential for violation of [[security]], which exists when there is an entity, circumstance, [[capability]], action, or [[event]] that could cause [[harm]]. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br/><br/> |
+ | ==== [[ISA|ISA-62443-*]] ==== | ||
+ | {{definition|Threat: circumstance or [[event]] with the potential to adversely affect operations (including mission, functions, image or reputation), [[asset|assets]], [[Industrial Automation Control System|control systems]] or individuals via unauthorized access, destruction, disclosure, modification of data and/or [[Denial of Service|denial of service]]. <ref name='ISA999'>ISA-62443 series</ref>}}<br/><br/> | ||
+ | |||
==== [[ISO|ISO/PAS 22399:2007]] ==== | ==== [[ISO|ISO/PAS 22399:2007]] ==== | ||
{{definition|Potential cause of an unwanted [[incident]], which may result in [[harm]] to individuals, a [[system]] or organization, the environment or the community. <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=50295 ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.]</ref>}}<br /> | {{definition|Potential cause of an unwanted [[incident]], which may result in [[harm]] to individuals, a [[system]] or organization, the environment or the community. <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=50295 ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.]</ref>}}<br /> | ||
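Review bot: the IETF line is changed only in its trailing breaks, yet its reference label still reads "IETF RFC449" while the link target is rfc4949; correct the label to RFC 4949 in the same edit. In the new ISA-62443 entry, `<ref name='ISA999'>ISA-62443 series</ref>` cites no specific part, edition or URL, and uses single quotes where the other named refs use double quotes; name the part of the series the definition is taken from and align the quoting.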
Line 148: | Line 193: | ||
{{definition|Potential cause of an unwanted [[incident]], which may result in [[harm]] to a [[system]] or organization. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}}<br /> | {{definition|Potential cause of an unwanted [[incident]], which may result in [[harm]] to a [[system]] or organization. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}}<br /> | ||
==== [[ISO|ISO 22300:2012(en)]] ==== | ==== [[ISO|ISO 22300:2012(en)]] ==== | ||
− | {{definition| Potential cause of an unwanted [[incident]], which can result in [[harm]] to individuals, a [[system]] or organization (2.2.9), the environment or the [[community]]. <ref>ISO 22300:2012(en) Societal security — Terminology</ref>}} | + | {{definition| Potential cause of an unwanted [[incident]], which can result in [[harm]] to individuals, a [[system]] or organization (2.2.9), the environment or the [[community]]. <ref>ISO 22300:2012(en) Societal security — Terminology</ref>}}<br/> |
==See also== | ==See also== | ||
Line 157: | Line 202: | ||
==Notes== | ==Notes== | ||
+ | |||
+ | ==References== | ||
<references /> | <references /> | ||
− | |||
− | |||
− | |||
[[Category:Threat]][[Category:Infrastructure]][[Category:Policy]][[Category:CIPRNet-Glossary]] | [[Category:Threat]][[Category:Infrastructure]][[Category:Policy]][[Category:CIPRNet-Glossary]] | ||
− | {{#set:defined by=EU|defined by=ENISA|defined by=NATO|defined by=IAEA|defined by=ITU-T|defined by=EU project|defined by=Albania|defined by=Argentina|defined by=Bosnia and Herzegovina|defined by=Brazil|defined by=Burkina-Faso|defined by=Canada|defined by=Colombia|defined by=Czech Republic|defined by=El Salvador|defined by=Egypt|defined by=Finland|defined by=France|defined by=Germany|defined by=Guatemala|defined by=India|defined by=Japan|defined by=Kingdom of Saudi Arabia|defined by=Morocco|defined by=Netherlands|defined by=Oman|defined by=Norway|defined by=Philippines|defined by=Portugal|defined by=Republic of Trinidad & Tobago|defined by=Singapore|defined by=Slovakia|defined by=Switzerland|defined by=United Arab Emirates|defined by=Turkey|defined by=United Kingdom|defined by=United States|defined by=Uruguay|defined by=ISO|defined by=NIST|defined by=IETF|defined by=EU project}} | + | {{#set:defined by=EU|defined by=ENISA|defined by=NATO|defined by=IAEA|defined by=ITU-T|defined by=EU project|defined by=Albania|defined by=Argentina|defined by=Australia|defined by=Bosnia and Herzegovina|defined by=Brazil|defined by=Burkina-Faso|defined by=Canada|defined by=Colombia|defined by=Czech Republic|defined by=El Salvador|defined by=Egypt|defined by=Finland|defined by=France|defined by=Germany|defined by=Guatemala|defined by=Haiti|defined by=Hong Kong|defined by=India|defined by=Japan|defined by=Kingdom of Saudi Arabia|defined by=Lebanon|defined by=Mexico|defined by=Morocco|defined by=Netherlands|defined by=Nicaragua|defined by=Oman|defined by=Norway|defined by=Philippines|defined by=Poland|defined by=Portugal|defined by=Republic of Trinidad & Tobago|defined by=Singapore|defined by=Slovakia|defined by=South Africa|defined by=Spain|defined by=Switzerland|defined by=United Arab Emirates|defined by=Turkey|defined by=United Kingdom|defined by=United States|defined by=Uruguay|defined by=Venezuela|defined by=ISO|defined by=NIST|defined by=IETF|defined by=ISA|defined by=EU 
project|defined by=US-CERT|defined by=New South Wales}} |
+ | {{#set: Showmainpage=Yes}} |
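Review bot: the updated `{{#set:}}` list keeps `defined by=Turkey` although this revision renames the section heading to [[Türkiye]], so the semantic property and the page heading no longer match; either update the property value or confirm that the property page is intentionally still named Turkey. The list also carries `defined by=EU project` twice (once near the start, once near the end), and "Oman" is listed before "Norway" while the sections are in alphabetical order; de-duplicate and sort the values so later additions are easier to check against the headings.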
Latest revision as of 01:19, 8 April 2023
The definitions of "Threat" and "Hazard" are very similar, so maybe the terms do not need to be distinguished. A CI-specific usage example for the above terms can be found on the "Hazard" entry.
Definitions
European Definitions
The European Commission's CBRN Glossary[2] defines threat as
ENISA
European Project Definitions
CIPRNet project
The CIPRNet project [5] uses the following definition:
Other International Definitions
IAEA
(1) A person or group of persons with motivation, intention and capability to commit a malicious act.
(2) A likely cause of harm to people, damage to property or harm to the environment by an individual or individuals with the motivation, intention and capability to commit a malicious act.
(3) An entity with motivation, intention and capability to commit a malicious act.
(4) A characterization of an adversary capable of causing undesirable consequences, including the objectives, motivation and capabilities, e.g. number of potential attackers, equipment, training and attack plan.
(5) The potential cause of an unwanted incident, which may result in harm to a system or organization. [6]
ITU-T
NATO CEP / EAPC
An all hazards approach to threat includes accidents, natural hazards as well as deliberate attacks.
EU Project VITA
The semantics of that definition in the context of CI is that a threat to a CI may give rise to serious consequences to critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people.
National Definitions
Albania
Argentina
Australia
New South Wales
Bosnia and Herzegovina
Brazil
Threat is the potential cause of an undesired incident which may result in harm to a system or organisation.
Burkina-Faso
Canada
The presence of a hazard and an exposure pathway. [19] [20]
Threats may be natural or human-induced, either accidental or intentional.
Colombia
Cyber threat (Amenaza informática): The emergence of a potential or actual situation in which an agent has the capacity to carry out a cyber aggression against the population, the territory and the political organisation of the State (Ministerio de Defensa de Colombia)
Translation: A threat generally is a circumstance or event through which harm can occur.
The harm refers to a specific value such as financial assets, knowledge, items, or health.
Czech Republic
Threat: Potential cause of an unwanted incident which may result in damage to a system or organization. [23]
Egypt
El Salvador
It is an external risk factor of an exposed element or group of elements, expressed as the probability that an event occurs with a certain intensity, at a specific site and within a defined period of time.
Finland
Threat is an adverse event or development that may be realised. (unofficial translation) [27]
France
A non-official translation is the following:
Threat: Potential cause of an undesirable incident, which may harm a system or organisation. [30]
Germany
The harm relates to a specific value such as assets, knowledge, objects or health. Applied to the world of information technology, a threat is a circumstance or event that can impair the availability, integrity or confidentiality of information, which may cause harm to the owner or user of the information. Examples of threats are force majeure, human error, technical failure or deliberate acts. If a threat meets a vulnerability (in particular technical or organisational deficiencies), a hazard (Gefährdung) arises.
Guatemala
Haiti
Hong Kong
Threat: A potential violation of security that may cause harm to an organisation and its assets. [36]
India
Japan
(Cyber) Threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. [38]
Kingdom of Saudi Arabia
Lebanon
Mexico
It is a physical risk factor external to an exposed element or group of social elements, expressed as the probability that a phenomenon occurs with a certain intensity, at a specific site and within a defined period of time.
Morocco
Netherlands
An event or a process that can potentially lead to an incident. [45]
The higher goal (intent) can be strengthening the competitive position; political/national gain, societal disruption or threat to life. [46]
Norway
Threat: an entity that constitutes a real or potential threat to an identifiable goal or in a limited and identifiable context. [51]
Oman
Philippines
Poland
Portugal
Republic of Trinidad & Tobago
Singapore
Slovakia
South Africa
“threat” includes any action or omission of a criminal, terrorist or accidental nature which may potentially cause damage, harm or loss to critical infrastructure or interfere with the ability or availability of critical infrastructure to deliver basic public services, and may involve any natural hazard which is likely to increase the vulnerability of critical infrastructure to such action or omission. [63]
Spain
A threat can be defined by its origin, motivation or result, and can be deliberate or accidental, violent or surreptitious, external or internal.
Switzerland
The hazard (Gefährdung) therefore corresponds to a potential event or a potential development with possible effects on a protected asset (Schutzgut).
Türkiye
Threat: The potential cause of an incident that may cause damage to an institution or system. [67]
United Arab Emirates
United Kingdom (UK)
United States
DHS
NIST
These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.
US-CERT
Uruguay
Venezuela
Other Definitions
Ontario (Canada)
Threat (Menace): a person, thing or event regarded as a likely cause of harm or damage. [77]
Standard Definitions
IETF
ISA-62443-*
ISO/PAS 22399:2007
ISO/IEC 27000:2014
ISO 22300:2012(en)
See also
Notes
References
1. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
2. European Commission's CBRN Glossary, 2012
3. law and publications EUR-Lex EUR-Lex - 2017/0225 (COD) LEX 1899 - EN
4. ENISA Risk Glossary
5. http://www.ciprnet.eu/
6. IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
7. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X.800.
8. Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
9. Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
10. NATO EAPC(SCEPC) lexicon 2003.
11. EU VITA deliverable.
12. Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017
13. Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
14. Protective Security Policy Framework - Glossary Oct 2017
15. NSW Critical Infrastructure Resilience Strategy Partner, Prepare, Provide (2018)
16. RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
17. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
18. CIRT-BF Glossary
19. An Emergency Management Framework for Canada (Second Edition)
20. Vocabulaire de la gestion des urgences/Emergency Management Vocabulary 281 (2012)
21. Lineamientos de política para ciberseguridad y ciberdefensa (2011)
22. Výkladový slovník kybernetické bezpečnosti (2013)
23. Cyber Security Explanatory Glossary (2013)
24. Glossary of the National Telecom Authority (NTA), Egypt
25. (Draft) Ley de ciberseguridad
26. Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
27. Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
28. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
29. Méthode de classification et mesures principales, ANSSI (2014)
30. Classification Method and Key Measures, ANSSI (2014)
31. Glossar und Begriffsdefinitionen BSI
32. Glossar BBK
33. Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
34. PLAN NACIONAL DE GESTIÓN INTEGRAL DEL RIESGO POR LA TEMPORADA DE DESCENSO DE TEMPERATURA EN LA REPÚBLICA DE GUATEMALA 2015-2016, Guatemala
35. LIVRE BLANC SUR LA SÉCURITÉ ET LA DÉFENSE NATIONALE POUR LE DÉVELOPPEMENT ÉCONOMIQUE ET SOCIAL DURABLE D’HAÏTI, Juin 2015
36. Glossary for Information Security Terms/資訊保安詞彙表
37. India's DGQA Cyber Security Policy (2015)
38. RFC2828 (Japanese translation)
39. Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
40. Lebanon Cyber Security Strategy v2
41. Estrategia Nacional de Ciberseguridad (November 2017)
42. El Glosario Centro Nacional de prevencion de desastres (CENAPRED)
43. DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Morocco 2013
44. Cyber Security Beeld Nederland 2020
45. Zakboekje Preventie Cybercrime (2008)
46. NCSC, Cyber Security Beeld Nederland 5 (2015)
47. Cyber Security Beeld Nederland 2020
48. Handreiking Cybercrime (2012)
49. DE APROBACIÓN DE LA “ESTRATEGIA NACIONAL DE CIBERSEGURIDAD 2020-2025” (asamblea.gob.ni)
50. Nasjonal strategi for informasjonssikkerhet (2012)
51. Cyber Security Strategy for Norway (2012)
52. Oman CERT Glossary
53. Philippine National Cyber Security Plan 2005
54. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
55. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
56. NHS Cyber security glossary
57. USTAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)
58. Glossário Centro National de Cibersegurança Portugal
59. Quadro Nacional de Referência para a Cibersegurança
60. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
61. Singapore Standard SS 540: 2008 on Business Continuity
62. BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY
63. Act No. 8 of 2019: Critical Infrastructure Protection Act, 2019
64. CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)
65. Leitfaden Schutz kritischer Infrastrukturen 2015
66. 2016-2019 ULUSAL SİBER GÜVENLİK STRATEJİSİ (Sept. 2016)
67. Turkey's National Cyber Security Strategy 2016-2019 (2016)
68. Abu Dhabi Safety and Security Planning Manual
69. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
70. Code of Practice Cyber Security for Ships, DSTL (2017)
71. DHS Risk Lexicon 2010 Edition, September 2010
72. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
73. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
74. Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
75. Glossary CERTuy
76. GLOSARIO DE TÉRMINOS EDUCACIÓN Y SEGURIDAD VÍAL
77. Province of Ontario’s Emergency Management Glossary of Terms
78. IETF RFC 4949 Internet Security Glossary 2
79. ISA-62443 series
80. ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.
81. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
82. ISO 22300:2012(en) Societal security — Terminology