Vulnerability
Definitions
European Definitions
COM(2006)787
ENISA
CLIMATE-ADAPT
Vulnerability is a function of the character, magnitude, and rate of climate change and variation to which a system is exposed, its sensitivity, and its adaptive capacity.
There are different ways in which vulnerability can be framed; an inventory has been made by the Dutch Climate Changes Spatial Planning research programme.
European Project Definitions
CIPRNet project
The CIPRNet project [4] uses the following definition:
Other International Definitions
CARICOM
IAEA
(1) a physical feature or operational attribute that renders an entity, asset, system, network, facility, activity or geographic area open to exploitation or susceptible to a given threat.
(2) a weakness of an asset or control that can be exploited by a threat. [6]
IPCC
ITU-T
NATO CEP / EAPC
UNISDR
There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management.
Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element of interest (community, system or asset) which is independent of its exposure. However, in common use the word is often used more broadly to include the element’s exposure.
National Definitions
Argentina
Australia
Bosnia and Herzegovina
In probabilistic/quantitative risk assessments, the term vulnerability expresses the part or percentage of exposure that is likely to be lost due to a certain hazard.
Brazil
Vulnerability is the intrinsic property of something resulting in susceptibility to a source of risk that can lead to an event with a result.
Burkina-Faso
Cameroon (Cameroun)
Canada
Condition or set of conditions resulting from physical, social, economic and environmental factors or processes that predisposes a community to suffer the adverse effects of hazards. [26] [27]
It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.
Cape Verde
There are many aspects of vulnerability, arising from various physical, social, economic and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for environmental management. Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element in question (community, system or asset) which is independent of its exposure.
Czech Republic
Vulnerability is a weak spot of an asset or control which can be made use of by a threat. [30]
France
Unofficial translation: propensity of an environment, a good or a person to suffer from adverse consequences as a result of an event. It does not necessarily produce damage itself.
Vulnerability is a function of the nature, magnitude and rate of climate variation to which the system in question is exposed, the sensitivity of that system and its adaptive capacity (IPCC, 2007).
Remarks: A vulnerability can be used by exploit code and lead to an intrusion into the system.
Germany
Vulnerability depends on a variety of factors. External factors are the nature, scale and speed of climate change and their variations. Internal factors are the sensitivity and adaptive capacity of the system in question.
Guatemala
India
Italy
Vulnerability expresses the degree of loss of a given element or set of elements caused by a phenomenon of a given force. It is expressed on a scale from zero to one, where zero indicates that there was no damage, while one corresponds to total destruction.
Japan
(Cyber) Vulnerability is a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. [40]
Kingdom of Saudi Arabia
Luxembourg
Madagascar
Vulnerability: A set of prevailing or consequential circumstances composed of physical, socio-economic and/or political factors that affect the ability to cope with disasters. [44]
Vulnerabilities can be physical, social or behavioural in nature, and primary or secondary. Strategies that reduce vulnerability also reduce risks.
Mexico
Morocco
Vulnerability: Security flaw in a program or on a computer system.
Netherlands
Nigeria
Norway
Vulnerability: (1) The challenges a system will have to face to function when subjected to an adverse event, and challenges related to resuming normal system operation after the event has occurred. (2) The vulnerability of a system is an expression of its weaknesses and flaws and special circumstances that would increase the likelihood that threats will materialise into a security incident. [50]
A system’s vulnerability is reduced by increasing the system’s robustness. Examples of special circumstances can include size, complexity, that many stakeholders are involved, geographical distribution, frequent changes, and exposed location.
Vulnerability is a way to express the problems a system will have in functioning when it is exposed to an adverse event, as well as the problems the system will experience in resuming operations after the event has occurred. [52]
Oman
Peru
Philippines
Portugal
Republic of Trinidad & Tobago
Romania
Slovakia
Expresses the degree of damage to a system in the event of a hazardous phenomenon occurring.
Switzerland
(CIIP/ICT-based definition)
United Kingdom (UK)
Vulnerability is influenced by the system’s sensitivity and its adaptive capacity, as well as the magnitude of the change.
United States
DHS
NIST
The document provides several definitions.
DoD
1. The susceptibility of a nation or military force to any action by any means through which its war potential or combat effectiveness may be reduced or its will to fight diminished. (JP 3-01)
2. The characteristics of a system that cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (man-made) hostile environment. (JP 3-60)
3. In information operations, a weakness in information system security design, procedures, implementation, or internal controls that could be exploited to gain unauthorized access to information or an information system (source: JP 3-13). [66]
Other Definitions
EM-DAT
Ontario (Canada)
Vulnerability: the susceptibility of a community, system or asset to the damaging effects of a hazard. [68]
Scotland
Vulnerability is a function of the character, magnitude, and rate of climate change and variation to which a system is exposed, its sensitivity, and its adaptive capacity.
Standard Definition
IETF
ISO 22300:2012(en)
ISO/IEC 27000:2014
ISO/IEC 29147:2014
See also
Notes
- [1] EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- [2] ENISA Risk Glossary
- [3] European Climate Adaptation Platform (CLIMATE-ADAPT) Glossary
- [4] http://www.ciprnet.eu/
- [5] Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
- [6] IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
- [7] IPCC
- [8] ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X-800.
- [9] Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
- [10] Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
- [11] NATO EAPC(SCEPC) lexicon 2003.
- [12] 2009 UNISDR Terminology on Disaster Risk Reduction
- [13] UNISDR glossary
- [14] UNISDR glossary
- [15] UNISDR glossary
- [16] UNISDR glossary
- [17] UNISDR glossary in Bahasa
- [18] UNISDR glossary in Malay
- [19] UNISDR glossary in Tagalog
- [20] Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- [21] Australian Emergency Management Glossary, Emergency Management Australia (1998)
- [22] RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
- [23] GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ ABNT NBR ISO 31000:2009: Gestão de riscos - Princípios e diretrizes. Rio de Janeiro (2009)
- [24] CIRT-BF Glossary
- [25] LOI N°2010/012 DU 21 DECEMBRE 2010 RELATIVE A LA CYBERSECURITE ET LA CYBERCRIMINALITE AU CAMEROUN
- [26] An Emergency Management Framework for Canada (Second Edition)
- [27] Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- [28] Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
- [29] Výkladový slovník kybernetické bezpečnosti (2013)
- [30] Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- [31] INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- [32] Changement climatique: glossaire des définitions
- [33] ANSSI Glossaire
- [34] Combating Climate Change: The German Adaptation Strategy
- [35] Methode für die Risikoanalyse im Bevölkerungsschutz
- [36] Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
- [37] India's DGQA Cyber Security Policy (2015)
- [38] Dipartimento della Protezione Civile Glossario
- [39] Dipartimento della Protezione Civile Glossario
- [40] RFC2828 (Japanese translation)
- [41] Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
- [42] Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- [43] [From French Glossary]
- [44] Stratégie Nationale de Gestion des Risques et des Catastrophes – Madagascar (2014)
- [45] GUÍA PARA LA PRESENTACIÓN DEL ESTUDIO DE RIESGO MODALIDAD ANALISIS DE RIESGO, Mexico
- [46] STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011
- [47] Cybersecuritybeeld Nederland 2016 NCSC, Cyber Security Beeld Nederland 5 (2015)
- [48] National Cyber Security Strategy Nigeria (2014)
- [49] Nasjonal strategi for informasjonssikkerhet (2012)
- [50] Cyber Security Strategy for Norway (2012)
- [51] DSB, National Risikobild 2014
- [52] DSB, National Risk Analysis 2014
- [53] Oman CERT Glossary
- [54] Glosario de Términos para la Formulación de Proyectos Ambientales, Peru, 2012 / Fuente: Guía de ERA – MINAM
- [55] DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- [56] Glossário Centro National de Cibersegurança Portugal
- [57] Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- [58] GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
- [59] BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY
- [60] Melani Glossary (n.d.)
- [61] National Cyber Security Strategy 2016, HM Government
- [62] Cabinet Office, Lexicon of UK Civil Protection Terminology, Version 2.1.1, February 2013
- [63] UK Civil Protection Lexicon 2013
- [64] DHS Risk Lexicon 2010 Edition, September 2010
- [65] NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
- [66] Joint Publication 1-02: Department of Defense Dictionary of Military and Associated Terms (2016)
- [67] EM-DAT disaster database glossary
- [68] Province of Ontario’s Emergency Management Glossary of Terms
- [69] Preparing for a Changing Climate: Second Consultation to Inform Scotland's Climate Change Adaptation Framework
- [70] IETF RFC449 Internet Security Glossary 2
- [71] ISO 22300:2012(en) Societal security — Terminology
- [72] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- [73] ISO/IEC 29147:2014, Information technology -- Security techniques -- Vulnerability disclosure