Difference between revisions of "Threat"
(→Notes) |
(→Australia) |
||
Line 39: | Line 39: | ||
{{definition|Amenaza: Una causa potencial de un [[Incident|incidente]] no deseado, el cual puede ocasionar daños a un sistema u organización. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}<br/><br/> | {{definition|Amenaza: Una causa potencial de un [[Incident|incidente]] no deseado, el cual puede ocasionar daños a un sistema u organización. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}<br/><br/> | ||
==== [[Australia]] ==== | ==== [[Australia]] ==== | ||
− | {{definition|Threat: A source of [[harm]] that is deliberate or has intent to do harm. <ref>[https://www.protectivesecurity.gov.au/resources/Pages/PSPF-Glossary-of-terms.aspx Protective Security Policy Framework - Glossary Oct 2017]</ref>}}<br/><br/> | + | {{definition|Threat: A source of [[harm]] that is deliberate or has intent to do harm. <ref>[https://www.protectivesecurity.gov.au/resources/Pages/PSPF-Glossary-of-terms.aspx Protective Security Policy Framework - Glossary Oct 2017]</ref>}}<br/> |
+ | ===== [[New South Wales]]===== | ||
+ | {{definition|Threat: A [[hazard]], usually man-made, that deliberately disrupts [[Critical Infrastructure|critical infrastructure]] service provision. <ref>[https://www.emergency.nsw.gov.au/Documents/publications/policies/NSW%20Critical%20Infrastructure%20Resilience%20Strategy%202018.pdf NSW Critical Infrastructure Resilience Strategy Partner, Prepare, Provide (2018) ]</ref>}}<br/> | ||
+ | |||
==== [[Bosnia and Herzegovina]] ==== | ==== [[Bosnia and Herzegovina]] ==== | ||
{{definition|Pretnja je potencijalni štetni fizički događaj, fenomen ili aktivnost namjernog/zlonamjernog karaktera. <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122015.pdf RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama]</ref>}}<br/><br/> | {{definition|Pretnja je potencijalni štetni fizički događaj, fenomen ili aktivnost namjernog/zlonamjernog karaktera. <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122015.pdf RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama]</ref>}}<br/><br/> |
Revision as of 00:36, 19 March 2019
The definitions of "Threat" and "Hazard" are very similar, so maybe the terms do not need to be distinguished. A CI-specific usage example for the above terms can be found on the "Hazard" entry.
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 European Project Definitions
- 1.3 Other International Definitions
- 1.4 National Definitions
- 1.4.1 Albania
- 1.4.2 Argentina
- 1.4.3 Australia
- 1.4.4 Bosnia and Herzegovina
- 1.4.5 Brazil
- 1.4.6 Burkina-Faso
- 1.4.7 Canada
- 1.4.8 Colombia
- 1.4.9 Czech Republic
- 1.4.10 Egypt
- 1.4.11 El Salvador
- 1.4.12 Finland
- 1.4.13 France
- 1.4.14 Germany
- 1.4.15 Guatemala
- 1.4.16 Haiti
- 1.4.17 Hong Kong
- 1.4.18 India
- 1.4.19 Japan
- 1.4.20 Kingdom of Saudi Arabia
- 1.4.21 Mexico
- 1.4.22 Morocco
- 1.4.23 Netherlands
- 1.4.24 Norway
- 1.4.25 Oman
- 1.4.26 Philippines
- 1.4.27 Poland
- 1.4.28 Portugal
- 1.4.29 Republic of Trinidad & Tobago
- 1.4.30 Singapore
- 1.4.31 Slovakia
- 1.4.32 Spain
- 1.4.33 Switzerland
- 1.4.34 Turkey
- 1.4.35 United Arab Emirates
- 1.4.36 United Kingdom (UK)
- 1.4.37 United States
- 1.4.38 Uruguay
- 1.5 Other Definitions
- 1.6 Standard Definitions
- 2 See also
- 3 Notes
Definitions
European Definitions
The European Commission's CBRN Glossary[2] defines threat as
ENISA
European Project Definitions
CIPRNet project
The CIPRNet project [4] uses the following definition:
Other International Definitions
IAEA
(1) A person or group of persons with motivation, intention and capability to commit a malicious act.
(2) A likely cause of harm to people, damage to property or harm to the environment by an individual or individuals with the motivation, intention and capability to commit a malicious act.
An entity with motivation, intention and capability to commit a malicious act.
(4) A characterization of an adversary capable of causing undesirable consequences, including the objectives, motivation and capabilities, e.g. number of potential attackers, equipment, training and attack plan.
(5) The potential cause of an unwanted incident, which may result in harm to a system or organization. [5]
ITU-T
NATO CEP / EAPC
An all hazards approach to threat includes accidents, natural hazards as well as deliberate attacks.
EU Project VITA
The semantics of that definition in the context of CI is that a threat to a CI may give rise to serious consequences to critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people.
National Definitions
Albania
Argentina
Australia
New South Wales
Bosnia and Herzegovina
Brazil
Threat is the cause potential of an undesired incident which may result in harm to a system or organisation.
Burkina-Faso
Canada
Présence d’un danger et d’une voie d’exposition. [18] [19]
Threats may be natural or human-induced, either accidental or intentional.
Colombia
Amenaza informática: La aparición de una situación potencial o actual donde un agente tiene la capacidad de generar una agresión cibernética contra la población, el territorio y la organización política del Estado (Ministerio de Defensa de Colombia)
Translation: A threat generally is a circumstance or event through which harm can occur.
The harm refers to a specific value such as financial assets, knowledge, items, or health.
Czech Republic
Potential cause of an unwanted incident which may result in damage to a system or organization. [22]
Egypt
El Salvador
Es un factor de riesgo externo de un elemento o grupo de elementos expuestos, que se expresa como la probabilidad de que un evento se presente con una cierta intensidad, en un sitio especifico y en dentro de un periodo de tiempo definido.
Finland
Threat is possibly realising adverse event or development. -unofficial translation- [25]
France
A non-official translation is the following:
Germany
Der Schaden bezieht sich dabei auf einen konkreten Wert wie Vermögen, Wissen, Gegenstände oder Gesundheit. Übertragen in die Welt der Informationstechnik ist eine Bedrohung ein Umstand oder Ereignis, der oder das die Verfügbarkeit, Integrität oder Vertraulichkeit von Informationen beeinträchtigen kann, wodurch dem Besitzer bzw. Benutzer der Informationen ein Schaden entstehen kann. Beispiele für Bedrohungen sind höhere Gewalt, menschliche Fehlhandlungen, technisches Versagen oder vorsätzliche Handlungen. Trifft eine Bedrohung auf eine Schwachstelle (insbesondere technische oder organisatorische Mängel), so entsteht eine Gefährdung.
Guatemala
Haiti
Hong Kong
Threat: A potential violation of security that may cause harm to an organisation and its assets. [32]
India
Japan
(Cyber) Threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. [34]
Kingdom of Saudi Arabia
Mexico
Morocco
Netherlands
Een gebeurtenis of een proces die in potentie tot een incident kan leiden. [38]
Het hogere doel (intentie) kan zijn het verstevigen van de concurrentiepositie; politiek/landelijk gewin, maatschappelijke ontwrichting of levensbedreiging. [39]
Norway
Threat: an entity that constitutes a real or potential threat to an identifiable goal or in a limited and identifiable context. [41]
Oman
Philippines
Poland
Portugal
Republic of Trinidad & Tobago
Singapore
Slovakia
Spain
Una amenaza puede ser definida por su origen, motivación o resultado y puede ser deliberada o accidental, violenta o subrepticia, externa o interna.
Switzerland
Die Gefährdung entspricht daher einem potentiellen Ereignis oder einer potentiellen Entwicklung mit möglichen Auswirkungen für ein Schutzgut.
Turkey
Threat: The potential cause of an incident that may cause damage to an institution or system. [54]
United Arab Emirates
United Kingdom (UK)
United States
DHS
NIST
These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.
US-CERT
Uruguay
Other Definitions
Ontario (Canada)
Menace: personne, chose ou événement considéré comme une cause probable de préjudice ou de dommage. [63]
Standard Definitions
IETF
ISA-62443-*
ISO/PAS 22399:2007
ISO/IEC 27000:2014
ISO 22300:2012(en)
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ 2.0 2.1 European Commission's CBRN Glossary, 2012
- ↑ ENISA Risk Glossary
- ↑ http://www.ciprnet.eu/
- ↑ IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
- ↑ ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X-800.
- ↑ Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
- ↑ Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ EU VITA deliverable.
- ↑ Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017
- ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- ↑ Protective Security Policy Framework - Glossary Oct 2017
- ↑ NSW Critical Infrastructure Resilience Strategy Partner, Prepare, Provide (2018)
- ↑ RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
- ↑ GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
- ↑ CIRT-BF Glossary
- ↑ An Emergency Management Framework for Canada (Second Edition)
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Lineamientos de política para ciberseguridad y ciberdefensa (2011)
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Cyber Security Explanatory Glossary (2013)
- ↑ Glossary of the National Telecom Authority (NTA), Egypt
- ↑ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- ↑ Glossar und Begriffsdefinitionen BSI
- ↑ Glossar BBK
- ↑ Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
- ↑ PLAN NACIONAL DE GESTIÓN INTEGRAL DEL RIESGO POR LA TEMPORADA DE DESCENSO DE TEMPERATURA EN LA REPÚBLICA DE GUATEMALA 2015-2016, Guatemala
- ↑ [http://[www.md.gouv.ht/Livre_Blanc.pdf LIVRE BLANC SUR LA SÉCURITÉ ET LA DÉFENSE NATIONALE POUR LE DÉVELOPPEMENT ÉCONOMIQUE ET SOCIAL DURABLE D’HAÏTI, Juin 2015 ]
- ↑ Glossary for Information Security Terms/資訊保安詞彙表
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ RFC2828 (Japanese translation)
- ↑ Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
- ↑ Estragia Nacional de Ciberseguridad (November 2017)
- ↑ DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Marocco 2013
- ↑ Zakboekje Preventie Cybercrime (2008
- ↑ NCSC, Cyber Security Beeld Nederland 5 (2015)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ Cyber Security Strategy for Norway (2012)
- ↑ Oman CERT Glossary
- ↑ Philippine National Cyber Security Plan 2005
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ U S TAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)
- ↑ Glossário Centro National de Cibersegurança Portugal
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ Singapore Standard SS 540: 2008 on Business Continuity
- ↑ BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY
- ↑ CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)
- ↑ Leitfaden Schutz kritischer Infrastrukturen 2015
- ↑ 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (Sept. 2016)
- ↑ Turkey's National Cyber Security Strategy 2016-2019 (2016)
- ↑ Abu Dhabi Safety and Security Planning Manual
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ Code of Practice Cyber Security for Ships, DSTL (2017)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- ↑ Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
- ↑ Glossary CERTuy
- ↑ 63.0 63.1 Province of Ontario’s Emergency Management Glossary of Terms
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISA-62443 series
- ↑ ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO 22300:2012(en) Societal security — Terminology