Difference between revisions of "Attack"
Jump to navigation
Jump to search
Line 26: | Line 26: | ||
=== National Definitions === | === National Definitions === | ||
==== [[Czech Republic]] ==== | ==== [[Czech Republic]] ==== | ||
− | {{definition| Útok: Pokus o zničení, vystavení hrozbě, nežádoucí změnu, vyřazení z činnosti, zcizení nebo získání neautorizovaného přístupu k aktivu nebo uskutečnění neautorizovaného použití aktiva. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Attack is an attempt at destruction, exposure to a [[threat]], unwanted change, putting out of operation, stealing or obtaining an unauthorized access to an [[asset]] or execution of an unauthorized use of an [[asset]]. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/> | + | {{definition| Útok: Pokus o zničení, vystavení hrozbě, nežádoucí změnu, vyřazení z činnosti, zcizení nebo získání neautorizovaného přístupu k aktivu nebo uskutečnění neautorizovaného použití aktiva. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Attack is an attempt at destruction, exposure to a [[threat]], unwanted change, putting out of operation, stealing or obtaining an unauthorized access to an [[asset]] or execution of an unauthorized use of an [[asset]]. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/><br/> |
==== [[Japan]] ==== | ==== [[Japan]] ==== | ||
− | {{definition|攻撃: インテリジェントな脅威、すなわちセキュリティサービスを回避し、システムのセキュリティポリシーを侵害する故意の試み(特に、方式あるいは技法という意味において)としてのインテリジェントな動作によってもたらされるセキュリティシステムへの攻撃. <br/><br/>(Cyber) attack is an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. <ref>http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation) </ref>}}<br/> | + | {{definition|攻撃: インテリジェントな脅威、すなわちセキュリティサービスを回避し、システムのセキュリティポリシーを侵害する故意の試み(特に、方式あるいは技法という意味において)としてのインテリジェントな動作によってもたらされるセキュリティシステムへの攻撃. <br/><br/>(Cyber) attack is an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. <ref>[http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation)]</ref>}}<br/><br/> |
− | + | ==== [[Philippines]] ==== | |
+ | {{definition|Attack - Any kind of malicious activity that attempts to collect, disrupt, deny, | ||
+ | degrade, or destroy information system resources or the information itself. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/> | ||
==== [[United States]] ==== | ==== [[United States]] ==== | ||
=====[[NIST]]===== | =====[[NIST]]===== | ||
− | {{definition|An attempt top gain unauthorized access to system services, resources, or information, or an attempt to compromise system [[Integrity]]. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200]</ref>}}<br/> | + | {{definition|An attempt top gain unauthorized access to system services, resources, or information, or an attempt to compromise system [[Integrity]]. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200]</ref>}}<br/><br/> |
===Standard Definition=== | ===Standard Definition=== | ||
Line 56: | Line 58: | ||
[[Category:Threat]][[Category:Risk]] | [[Category:Threat]][[Category:Risk]] | ||
− | {{#set:defined by=ITU-T|defined by=Czech Republic|defined by=Japan|defined by=IETF|defined by=NATO|defined by=United States|defined by=NIST}} | + | {{#set:defined by=ITU-T|defined by=Czech Republic|defined by=Japan|defined by=Philippines|defined by=IETF|defined by=NATO|defined by=United States|defined by=NIST}} |
Revision as of 01:04, 9 December 2016
Contents
Definitions
European Definitions
Other International Definitions
ITU-T
(Cyber) attack are the activities undertaken to bypass or exploit deficiencies in a system's security mechanisms. [1]
By a direct attack on a system they exploit deficiencies in the underlying algorithms, principles, or properties of a security mechanism. Indirect attacks are performed
when they bypass the mechanism, or when they make the system use the mechanism incorrectly.
Attaque: Activités entreprises pour contourner ou exploiter des déficiences constatées dans les mécanismes de sécurité d'un système. [2]
Ataque: Actividades realizadas para obviar los mecanismos de seguridad de un sistema o aprovechar sus deficiencias. [3]
攻击: 为绕过一个系统的安全机制或利用其漏洞而采取的行动. [4]
NATO
NATO AAP-06
Action taken to disrupt, deny, degrade or destroy information resident in a computer and/or computer network, or the computer and/or computer network itself. [5]
CCD-CoE (Tallinn manual)
Cyber attack is a cyber operation, whether offensive of defensive, that is reasonable expected to cause injury or death to persons or damage or destruction to objects. [6]
National Definitions
Czech Republic
Útok: Pokus o zničení, vystavení hrozbě, nežádoucí změnu, vyřazení z činnosti, zcizení nebo získání neautorizovaného přístupu k aktivu nebo uskutečnění neautorizovaného použití aktiva. [7]
Attack is an attempt at destruction, exposure to a threat, unwanted change, putting out of operation, stealing or obtaining an unauthorized access to an asset or execution of an unauthorized use of an asset. [8]
Attack is an attempt at destruction, exposure to a threat, unwanted change, putting out of operation, stealing or obtaining an unauthorized access to an asset or execution of an unauthorized use of an asset. [8]
Japan
攻撃: インテリジェントな脅威、すなわちセキュリティサービスを回避し、システムのセキュリティポリシーを侵害する故意の試み(特に、方式あるいは技法という意味において)としてのインテリジェントな動作によってもたらされるセキュリティシステムへの攻撃.
(Cyber) attack is an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. [9]
(Cyber) attack is an assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. [9]
Philippines
Attack - Any kind of malicious activity that attempts to collect, disrupt, deny,degrade, or destroy information system resources or the information itself. [10]
United States
NIST
An attempt top gain unauthorized access to system services, resources, or information, or an attempt to compromise system Integrity. [11]
Standard Definition
IETF
An intentional act by which an entity attempts to evade security services and violate the security policy of a system. That is, an actual assault on system security that derives from an intelligent threat.
A method or technique used in an assault (e.g., masquerade).[12]
A method or technique used in an assault (e.g., masquerade).[12]
Discussion Topic
See also
Notes
- ↑ ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T H.235.
- ↑ Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T H.235.
- ↑ Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T H.235.
- ↑ 关于电信安全的若干议题综述 及相关ITU-T建议书应用简介, ITU-T, Geneva (2012) - ITU-T H.235.
- ↑ NATO AAP-06 Edition 2014
- ↑ Tallinn Manual on the International Law Applicable to Cyber Warfare (2013)
- ↑ http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ RFC2828 (Japanese translation)
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200
- ↑ IETF RFC449 Internet Security Glossary 2