Cyber Security

Definitions

European Definitions

EU

Cyber-security commonly refers to the safeguards and actions that can be used to protect the cyber domain, both in the civilian and military fields, from those threats that are associated with or that may harm its interdependent networks and information infrastructure. Cyber-security strives to preserve the availability and integrity of the networks and infrastructure and the confidentiality of the information contained therein ^[1].

National Definitions

Australia

Measures relating to the confidentiality, availability and integrity of information that is processed, stored and communicated by electronic or similar means. ^[2]

Austria

Cyber security describes the protection of a key legal asset through constitutional means against actor-related, technical, organisational and natural dangers posing a risk to the security of cyberspace (including infrastructure and data security) as well as the security of the users in cyberspace. Cyber security helps to identify, assess and follow up on threats as well as to strengthen the ability to cope with interferences in or from cyber space, to minimise the effects as well as to restore the capacity to act and functional capabilities of the respective stakeholders, infrastructures and services. ^[3]

Cyber Sicherheit beschreibt den Schutz eines zentralen Rechtsgutes mit rechtsstaatlichen Mitteln vor akteursbezogenen,technischen, organisations- und naturbedingten Gefahren, die die Sicherheit des Cyber Space (inklusive Infrastruktur- und Datensicherheit) und die Sicherheit der Nutzer im Cyber Space gefährden. Cyber Sicherheit trägt dazu bei, die Gefährdungen zu erkennen, zu bewerten und zu verfolgen sowie die Fähigkeit zu stärken, Störungen im und aus dem Cyberspace zu bewältigen, die damit verbundenen Folgen zu mindern sowie die Handlungs- und Funktionsfähigkeit der davon betroffenen Akteure, Infrastrukturen und Dienste wieder herzustellen. ^[4]

Belgium

Cyber security is het vrij zijn van gevaar of schade veroorzaakt door verstoring of uitval van ICT of door misbruik van ICT (be free from danger or damage caused by disturbance or disruption of ICT or misuse of ICT). ^[5]

Brazil

Segurança Cibernética: arte de assegurar a existência e a continuidade da Sociedade da Informação de uma Nação, garantindo e protegendo, no Espaço Cibernético, seus ativos de informação e suas infra-estruturas crítical. ^[6]
Cybersecurity is the art to ensure the existence and continuity of the information society of a nation, ensuring and protecting in Cyberspace, their information assets and their critical infrastructure.

Cameroon (Cameroun)

Cybersécurité: ensemble de mesures de prévention, de protection et de dissuasion d’ordre technique, organisationnel, juridique, financier, humain, procédural et autres actions permettant d’atteindre les objectifs de sécurité fixés à travers les réseaux de communications électroniques, les systèmes d’information et pour la protection de la vie privée des personnes. ^[7]

Canada

The body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability.
Ensemble des technologies, des processus, des pratiques et des mesures d’atténuation et d’intervention conçus pour protéger les réseaux, les ordinateurs, les programmes et les données contre les attaques, les dommages ou les accès non autorisés afin d’assurer la confidentialité, l’intégrité et la disponibilité. ^[8]

Colombia

Ciberseguridad: Capacidad del Estado para minimizar el nivel de riesgo al que están expuestos sus ciudadanos, ante amenazas o incidentes de naturaleza cibernética. ^[9]

Cyber security is the ability of the state to minimize the level of risk their citizens from threats or incidents of cyber nature are exposed to.

Croatia

Kibernetička sigurnost: obuhvaća aktivnosti i mjere kojima se postiže povjerljivost, cjelovitost i dostupnost podataka i sustava u kibernetičkom prostoru.

Cyber security includes activities and measures to achieve confidentiality, integrity and availability of data and systems in cyberspace. ^[10]

Cyprus

Cybersecurity is the broader security of networked systems that operate in cyberspace. ^[11]

I.e. in most cases connected to the Internet, and this term also covers the safe and secure usage of these systems by end users.

Czech Republic

Souhrn právních, organizačních, technických a vzdělávacích prostředků směřujících k zajištění ochrany kybernetického prostoru. ^[12]

Collection of legal, organizational, technological and educational means aimed at providing protection of cyberspace. ^[13]

Denmark

Cybersikkerhed omfatter beskyttelse imod de sikkerhedsbrud, der opstår som følge af angreb mod data eller systemer via en for - bindelse til et eksternt net eller system. Arbejdet med cybersikker - hed fokuserer således på sårbarheder ved sammenkoblingen mellem systemer, herunder forbindelser til internettet. ^[14]

Finland

Cyber security means the desired end state in which the cyber domain is reliable and in which its functioning is ensured. ^[15]

Kyberturvallisuus: tila, jossa kybertoimintaympäristöstä yhteiskunnan elintärkeille toiminnoille tai muille kybertoimintaympäristöstä riippuvaisille toiminnoille koituvat uhkat ja riskit ovat hallinnassa.

Cyber security is a condition in which the threats and risks caused by cyber operating environment to the vital operations of society or other operations dependent on cyber operating environment are in control. -unofficial translation- ^[16]

France

The desired state of an information system in which it can resist events from cyberspace likely to compromise the availability, integrity or confidentiality of the data stored, processed or transmitted and of the related services that these systems offer or make accessible. ^[17]

Germany

(Globale) Cyber-Sicherheit ist der anzustrebende Zustand der IT-Sicherheitslage, in welchem die Risiken des globalen Cyber-Raums auf ein tragbares Maß reduziert sind. Cyber-Sicherheit in Deutschland ist demnach der anzustrebende Zustand der IT-Sicherheitslage, in welchem die Risiken des deutschen Cyber-Raums auf ein tragbares Maß reduziert sind. Cyber-Sicherheit (in Deutschland) entsteht durch die Summe von geeigneten und angemessenen Maßnahmen. ^[18]

(Global) cyber security is the desired condition of the IT security situation, in which the risks of the global cyberspace have been reduced to an acceptable minimum. Cyber security in Germany is thus the desired condition of the IT security situation, in which the risks of the German cyberspace have been reduced to an acceptable minimum. Cyber security (in Germany) is developed through the sum of suitable and adequate safeguards. ^[19]

Hungary

Cyber security is the continuous and planned taking of political, legal, economic, educational, awareness-raising and technical measures to manage risks in cyberspace that transforms the cyberspace into a reliable environment for the smooth functioning and operation of societal and economic processes by ensuring an acceptable level of risks in cyberspace. ^[20]

India

Cyber Security means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. ^[21]

Islamic Republic of Afghanistan

Protection of information systems that protect the cyber space from attacks, ensuring the confidentiality, integrity and accessibility of the information being processed in this space, detection of attacks and cyber security incidents; putting into force the countermeasures against these incidents and then putting these systems back to their original states prior to the cyber security incident. ^[22]

Jamaica

Cyber Security is the implementation of measures to protect ICT infrastructure including critical infrastructure from intrusion, unauthorized access and includes the adoption of policies, protocols and good practices to better govern the use of cyberspace. ^[23]

Kenya

Cyber Security is defined as the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. ^[24]

Kingdom of Saudi Arabia

Cybersecurity is the ability to protect or defend the use of cyberspace from cyber-attacks. ^[25]

Latvia

Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. ^[26]

Organisation and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment.

Lithuania

Cyber security is a set of legal, information dissemination, organizational and technical measures to prevent cyber as well as conventional electronic communications networks, information systems and industrial process control systems operating incidents to occur as well as detect, analyze, respond and recover in the event of such incidents. ^[27]

Kibernetinis saugumas: visuma teisinių, informacijos sklaidos, organizacinių ir techninių priemonių, skirtų kibernetiniams incidentams išvengti, aptikti, analizuoti ir reaguoti į juos, taip pat įprastinei elektroninių ryšių tinklų, informacinių sistemų ar pramoninių procesų valdymo sistemų veiklai, įvykus šiems incidentams, atkurti. ^[28]

Malta

Cyber security is the safeguards and actions that can be used to protect cyber domain from those threats that are associated with or that may harm its interdependent networks and information infrastructure.^[29]

Cyber security strives to preserve the availability and integrity of the networks and infrastructure and the confidentiality of the information contained therein.

Montenegro

Cyber security refers to the ISO, Netherlands and ITU-T definitions. ^[30]

Netherlands

Cyber security refers to efforts to prevent damage caused by disruptions to, breakdowns in or misuse of ICT and to repair damage if and when it has occurred. ^[31]

Such damage may consist of any or all of the following: reduced reliability of ICT, limited availability and violation of the confidentiality and/or integrity of information stored in the ICT systems.

Cyber security is het vrij zijn van gevaar of schade veroorzaakt door verstoring of uitval van ICT of door misbruik van ICT. ^[32] ^[33]

New Zealand

Cyber Security is the practice of making the networks that constitute cyber space as secure as possible against intrusions, maintaining confidentiality, availability and integrity of information, detecting intrusions and incidents that do occur, and responding to and recovering from them. ^[34]

Norway

Cyber Security is the protection of data and systems which are coupled to the Internet. ^[35]
Cybersikkerhet: Beskyttelse av data og systemer som er koblet til internettet. ^[36]

Pakistan

Cyber Security definition is still under development. ^[37]

Poland

cyberbezpieczeństwo RP (bezpieczeństwo RP w cyberprzestrzeni) – proces zapewniania bezpiecznego funkcjonowania w cyberprzestrzeni państwa jako całości, jego struktur, osób fizycznych i osób prawnych, w tym przedsiębiorców i innych podmiotów nieposiadających osobowości prawnej, a także będących w ich dyspozycji systemów teleinformatycznych oraz zasobów informacyjnych w globalnej cyberprzestrzeni.

Cyber RP (RP security in cyberspace) is the process of ensuring the safe operation of in cyberspace state as a whole, its structure, individuals and legal persons, including companies and other entities without legal personality, as well as at their disposal ICT systems and information resources in the global cyberspace. ^[38]

Qatar

The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the cyber environment and organization and user’s assets. ^[39]

مجموعة ا أ لدوات والسياسات والمفاهيم وا إ لجراءات ا أ لمنية والمبادئ التوجيهية ومنهجيات إدارة المخاطر وا إ لجراءات والتدريب وأفضل الممارسات وسبل التأمي ن والتقنيات ال ت ي يمكن استخدامها لحماية بيئة الفضاء ا إ للك ترو ني وأصول^[40]

Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber security strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following: confidentiality, integrity (which may include authenticity and non-repudiation), and availability.

Republic of Trinidad & Tobago

See ITU-T definition below ^[41]

Romania

Cyber security is a normality resulting from the application of a set of proactive and reactive measures that ensure the confidentiality, integrity, availability, authenticity and non-repudiation in electronic information, resources and services, public or private, in cyberspace.

Starea de normalitate rezultată în urma aplicării unui ansamblu de măsuri proactive şi reactive prin care se asigură confidenţialitatea, integritatea, disponibilitatea, autenticitatea şi nonrepudierea informaţiilor în format electronic, a resurselor şi serviciilor publice sau private, din spaţiul cybernetic. Măsurile proactive şi reactive pot include politici, concepte, standarde şi ghiduri de securitate, managementul riscului, activităţi de instruire şi conştientizare, implementarea de soluţii tehnice de protejare a infrastructurilor cibernetice, managementul identităţii, managementul consecinţelor. ^[42]

Saudi Arabia

Cyber Security is the ability to protect or defend the use of cyberspace from cyber-attacks. ^[43]

South Africa

Cyber Security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user assets. ^[44]

Sweden

See ITU-T definition below. ^[45]

Turkey

Siber güvenlik: Siber ortamı oluşturan bilişim sistemlerinin saldırılardan korunmasını, bu ortamda işlenen bilginin gizlilik, bütünlük ve erişilebilirliğinin güvence altına alınmasını, saldırıların ve siber güvenlik olaylarının tespit edilmesini, bu tespitlere karşı tepki mekanizmalarının devreye alınmasını ve sonrasında ise sistemlerin yaşanan siber güvenlik olayı öncesi durumlarına geri döndürülmesini. ^[46]

Cyber Security is the protection of information systems that make up the cyber space from attacks, ensuring the confidentiality, integrity and accessibility of the information being processed in this space, detection of attacks and cyber security incidents, putting into force the countermeasures against these incidents and then putting these systems back to their states previous to the cyber security incident. ^[47]

United States

The prevention of damage to, unauthorized use of, or exploitation of, and, if needed, the restoration of electronic information and communications systems and the information contained therein to ensure confidentiality, integrity, and availability; includes protection and restoration, when needed, of information networks and wireline, wireless, satellite, public safety answering points, and 911 communications systems and control systems. ^[48]

Alternatively,

The ability to protect or defend the use of cyberspace from cyber attacks. ^[49]

International organisations

ITU-T

Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. ^[50]

Organization and user’s assets include connected computing devices,personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber security strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment.

World Economic Forum

The analysis, warning, Information Sharing, vulnerability reduction, risk mitigation and recovery efforts for networked information systems. ^[51]

International standards

ISO/IEC

Cyber security is defined as the “preservation of confidentiality, integrity and availability of information in the Cyberspace. ^[52]

Other Definitions

Scotland

Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. ^[53]

East-West Institute (Russia-US)

Cybersecurity is a property of cyber space that is an ability to resist intentional and unintentional threats and respond and recover.

Кибербезопасность: свойство (киберпространства, киберсистемы), противостоять, намеренным и/или, ненамеренным угрозам, а также, реагировать на них и, восстанавливаться после воздействия этих угроз. ^[54]

Notes

[1] Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, 07/02/2013

[2] Rights and Protections on Cyber Security, Australian Attorney-General’s Department

[3] Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)

[4] Österreichische Strategie für Cyber Sicherheit (2013)

[5] Cyber Security Strategy.be

[6] GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Portaria Nº 45, de 8 de setembro de 2009.

[7] LOI N°2010/012 DU 21 DECEMBRE 2010 RELATIVE A LA CYBERSECURITE ET LA CYBERCRIMINALITE AU CAMEROUN

[canada-8] Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)

[9] Conpes 3510

[10] National Cyber Security Strategy draft (2015)

[11] Cybersecurity Strategy of the Republic of Cyprus (23 April 2012)

[12] ttp://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]

[13] ttp://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)

[14] Danish Cyber Security Strategy, 2014

[15] Finlands' Cyber Security Strategy

[TSK-16] Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)

[17] Information systems defence and security: France's Strategy

[18] ttp://www.kritis.bund.de/SubSites/Kritis/DE/Servicefunktionen/Glossar/Functions/glossar.html Protection of Critical Infrastructures, BMI.

[19] Unpublished working glossary of UP KRITIS and BSI (2014)

[20] Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

[21] Information Technology Act Ammendment (2008)

[22] National Cyber Security Strategy of Afghanistan (2014)

[23] Jamaica's National Cyber Security Strategy

[24] Kenya's National Cyber Security Strategy

[25] Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7

[26] ttp://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/lv-ncss Kenya's National Cyber Security Strategy]

[27] GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 2011–2019

[28] LIETUVOS RESPUBLIKOS KIBERNETINIO SAUGUMO ĮSTATYMAS 2014 m. gruodžio 11 d. Nr. XII-1428 Vilnius

[29] NATIONAL CYBER SECURITY STRATEGY GREEN PAPER 2015

[30] NATIONAL CYBER SECURITY STRATEGY FOR MONTENEGRO 2013-2017

[31] National Cyber Security Strategy 2: From Awareness to Capability, Ministry of Security and Justice, The Hague, The Netherlands

[32] Cyber Security Beeld Nederland 4, 2014, Ministry of Security and Justice, The Hague, The Netherlands

[33] Cyber Security Beeld Nederland 5, 2015, Ministry of Security and Justice, The Hague, The Netherlands

[34] New Zealand’s Cyber Security Strategy (2011)

[35] Cyber Security Strategy for Norway (2012)

[36] Nasjonal strategi for informasjonssikkerhet (2012)

[37] tion still under development

[38] [http://mon.gov.pl/z/pliki/dokumenty/rozne/2015/05/DCB.pdf Doktryna cyberbezpieczeństwa Rzeczypospolitej Polskiej, Warsaw (2015)]

[39] QATAR National Cyber Security Strategy (May 2014)

[40] الاستراتيجية الوطنية للأمن السيبراني QATAR NCSS - Arabic version (May 2014)

[41] Government of the Republic of Trinidad & Tobago, National Cyber Security Strategy (December 2012)

[42] Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică

[43] Drafting National Information Security Strategy for the Kingdom of Saudi Arabia (Draft 7 - 2011)

[44] South Africa Cyber Security Policy, Staatskoerant No. 32963, 10 Feb 2010

[45] Informations- och cybersäkerhet i Sverige Strategi och åtgärder för säker information i staten(2015)

[46] UlUSAL SİBER GÜVENLİk STRATEJİSİ VE

[47] Turkey's National Cyber Security Strategy and 2013-2014 Action Plan

[48] National Infrastructure Protection Plan, Partnering to enhance protection and resiliency, US Department of Homeland Security, 2009

[49] [http://www.ncix.gov/publications/policy/docs/CNSSI_4009.pdf National Information Assurance (IA) Glossary, Committee on National Security Systems, CNSS Instruction No. 4009, 26 April 2010.

[50] ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X.1205

[51] WEF Partnering for Cyber Resilience Guidelines 2012

[52] ISO/IEC 27032:2012 Information technology — Security techniques — Guidelines for cybersecurity

[53] [http://news.scotland.gov.uk/imagelibrary/downloadmedia.ashx?MediaDetailsID=3708&SizeId=-1 Scottish Government Consultation on proposal for a Cyber Resilience Strategy for Scotland]

[54] RUSSIA-‐U.S. BILATERAL ON CYBERSECURITY CRITICAL TERMINOLOGY FOUNDATIONS

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

[23]

[24]

[25]

[26]

[27]

[28]

[29]

[30]

[31]

[32]

[33]

[34]

[35]

[36]

[37]

[38]

[39]

[40]

[41]

[42]

[43]

[44]

[45]

[46]

[47]

[48]

[49]

[50]

[51]

[52]

[53]

[54]