Difference between revisions of "Information Security"

Revision as of 01:20, 19 July 2015

Definitions

European Definitions

The protection of information against unauthorised disclosure, transfer, modification or destruction, whether accidental or intentional. ^[1]

Other International Definitions

NATO

The protection of information against unauthorised disclosure, transfer, modification or destruction, whether accidental or intentional (INFOSEC). ^[2]

Information security is the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. ^[3]

National Definitions

Austria

Information security or network security are umbrella terms for ICT security, referring to the entire relevant information of an organisation or an enterprise, including information that has not been processed electronically. Hence, it describes the entirety of characteristics of an organisation ensuring the confidentiality, availability and integrity of information. ^[4]

Informationssicherheit / Netzwerksicherheit ist ein Überbegriff zu IKT-Sicherheit und bezieht sich auf alle relevanten Informationen einer Organisation oder eines Unternehmens einschließlich von nicht elektronisch verarbeiteten Informationen. Es bezeichnet somit die Summe der Eigenschaften einer Organisation, die dem Schutz der Vertraulichkeit, Verfügbarkeit und Integrität der Informationen dienen. ^[5]

Information may be available as spoken text, paper documents or other directly readable media or as electronically processed data in ICT systems.

Brazil

Segurança da Informação: proteção dos sistemas de informação contra a negação de serviço a usuários autorizados, assim como contra a intrusão, e a modificação desautorizada de dados ou informações, armazenados, em processamento ou em trânsito, abrangendo, inclusive, a segurança dos recursos humanos, da documentação e do material, das áreas e instalações das comunicações e computacional, assim como as destinadas a prevenir, detectar, deter e documentar eventuais ameaças a seu desenvolvimento. ^[6]

Information Security is the protection of information systems against denial of service to authorised users, as well as against intrusion and unauthorised modification of data or information stored in processing or in transit, covering even the safety of human resources, documentation and material, of the areas and facilities of communications and computing, as well as to prevent, detect, deter and document any threats to its development.

Croatia

Informacijska sigurnost – stanje povjerljivosti, cjelovitosti i raspoloživosti podataka koje se postiže primjenom odgovarajućih sigurnosnih mjera.

Information security is the state of confidentiality, integrity and availability of information, which is achieved by implementation of stipulated information security measures and standards and by organisational support for jobs of planning, implementation, assessment and update of measures and standards. ^[7] ^[8]

Czech Republic

Bezpečností informací zajištění důvěrnosti, integrity a dostupnosti informací. ^[9]

Security (protection) of confidentiality, integrity and availability of information. ^[10]

Denmark

Informationssikkerhed er en bred betegnelse for de samlede for - anstaltninger til at sikre informationer i forhold til fortrolighed, integritet (ændring af data) og tilgængelighed. I arbejdet indgår blandt andet organisering af sikkerhedsarbejdet, påvirkning af adfærd, processer for behandling af data, styring af leverandører samt tekniske sikringsforanstaltninger. . ^[11]

Finland

Tietoturva, tietoturvallisuus: järjestelyt, joilla pyritään varmistamaan tiedon saatavuus, eheys ja luottamuksellisuus.

Information Security are arrangements aiming at ensuring the availability, integrity and confidentiality of information. -unofficial translation- ^[12]

Germany

IT security is the condition in which availability, integrity and confidentiality of information and Information Technology are ensured by appropriate safeguards. ^[13]

Jamaica

Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. ^[14]

Note: The terms information security, computer security and information assurance are understood for these purposes as being interchangeable.

Montenegro]

Informaciona bezbjednost podrazumijeva stanje povjerljivosti, cjelovitosti i dostupnosti podataka. Informaciona bezbjednost se fokusira na podatke bez obzira na njihovu formu: elektronski, štampani ili drugi oblici podataka. ^[15]

Information security means the condition of confidentiality, integrity and availability of data. Information security focuses on data, regardless of their form: electronic, print or other forms of data.

Netherlands

Informatiebeveiliging is het behouden van de vertrouwelijkheid, integriteit en beschikbaarheid van informatie. ^[16]

Integriteit is de eigenschap dat de nauwkeurigheid en volledigheid van bedrijfsmiddelen wordt beveiligd.
Vertrouwelijkheid is de eigenschap dat informatie niet beschikbaar wordt gesteld of wordt ontsloten aan onbevoegde personen, entiteiten of processen.
Beschikbaarheid is het kenmerk dat iets toegankelijk en bruikbaar is op verzoek van een bevoegde entiteit.

Information security is taking and maintaining a coherent set of measures to guarantee the availability, integrity and confidentiality of information.

Het treffen en onderhouden van een samenhangend pakket aan maatregelen om de beschikbaarheid, integriteit en vertrouwelijkheid te borgen. ^[17]

Norway

IKT-sikkerhet: Hvordan elektroniske nettverk og systemer som behandler data eller kommuniserer med hverandre, og som virksomhetene er avhengig av for å fungere effektivt, skal beskyttes. ^[18]
ICT security is how business-critical electronic networks and systems that process data or communicate with each other are protected. ^[19]

United States

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. ^[20]

Standard Definition

ISO/IEC 27000:2014

Preservation of confidentiality, integrity and availability of information. ^[21]. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.

Notes

↑ [http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary
↑ [http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary
↑ [http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary
↑ Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
↑ Österreichische Strategie für Cyber Sicherheit (2013)
↑ GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Decreto Nº 3.505, de 13 de junho de 2000. Presidência da República, Casa Civil, Subchefia para Assuntos Jurídicos. Institui a Política de Segurança da Informação nos órgãos e entidades da Administração Pública Federal. Brasília, 2000.
↑ Article 2 of the Information Security Act
↑ National Cyber Security Strategy draft (2015)
↑ http://www.nbu.cz/download/nodeid-1384/ Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)
↑ Cyber Security Explanatory Glossary (2013)
↑ Danish Cyber Security Strategy, 2014
↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
↑ Unpublished working glossary of UP KRITIS and BSI, 2014
↑ Jamaica's National Cyber Security Strategy
↑ Strategija o bezbjednosti 2013-2017 (2012)
↑ NEN-ISO/IEC-27001 en 27002
↑ Zakboekje Preventie Cybercrime (2008
↑ Nasjonal strategi for informasjonssikkerhet (2012)
↑ Cyber Security Strategy for Norway (2012)
↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary

[1] [http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary

[2] [http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary

[3] [http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary

[4] Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)

[5] Österreichische Strategie für Cyber Sicherheit (2013)

[6] GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Decreto Nº 3.505, de 13 de junho de 2000. Presidência da República, Casa Civil, Subchefia para Assuntos Jurídicos. Institui a Política de Segurança da Informação nos órgãos e entidades da Administração Pública Federal. Brasília, 2000.

[7] Article 2 of the Information Security Act

[8] National Cyber Security Strategy draft (2015)

[9] ttp://www.nbu.cz/download/nodeid-1384/ Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)

[10] Cyber Security Explanatory Glossary (2013)

[11] Danish Cyber Security Strategy, 2014

[TSK-12] Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)

[13] Unpublished working glossary of UP KRITIS and BSI, 2014

[14] Jamaica's National Cyber Security Strategy

[15] Strategija o bezbjednosti 2013-2017 (2012)

[16] NEN-ISO/IEC-27001 en 27002

[17] Zakboekje Preventie Cybercrime (2008

[18] Nasjonal strategi for informasjonssikkerhet (2012)

[19] Cyber Security Strategy for Norway (2012)

[NISTIR7298-20] NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series

[ISO27000-14-21] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

@@ Line 4: / Line 4: @@
 === Other International Definitions ===
-====NATO====
+====[[NATO]]====
 {{definition|The protection of information against unauthorised disclosure, transfer, modification or destruction, whether accidental or intentional (INFOSEC). <ref>[http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary</ref>}}  <br />
-====UN====
+====[[UN|United Nations]]====
 {{definition|''Information security'' is the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. <ref>[http://www.cimic-coe.org/wp-content/uploads/2014/06/NATO-EU-UN-glossary-on-DCB-and-CP.pdf NATO - EU - UN glossary</ref>}}  <br />
@@ Line 13: / Line 13: @@
 === National Definitions ===
-==== Austria ====
+==== [[Austria]] ====
 {{definition|Information security or network security are umbrella terms for ICT security, referring to the entire relevant information of an organisation or an enterprise, including information that has not been processed electronically. Hence, it describes the entirety of characteristics of an organisation ensuring the confidentiality, availability and integrity of information.  <ref>[http://www.bmi.gv.at/cms/BMI_Service/cycer_security/130415_strategie_cybersicherheit_en_web.pdf Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)]</ref><br/><br/>Informationssicherheit / Netzwerksicherheit ist ein Überbegriff zu IKT-Sicherheit und bezieht sich auf alle relevanten Informationen einer Organisation oder eines Unternehmens einschließlich von nicht elektronisch verarbeiteten Informationen. Es bezeichnet somit die Summe der Eigenschaften einer Organisation, die dem Schutz der Vertraulichkeit, Verfügbarkeit und Integrität der Informationen dienen.  <ref>[https://www.bka.gv.at/DocView.axd?CobId=50748 Österreichische Strategie für Cyber Sicherheit (2013)]</ref>}}
 Information may be available as spoken text, paper documents or other directly readable media or as electronically processed data in ICT systems.<br />
 <br />
-==== Brazil ====
+==== [[Brazil]] ====
 {{definition| Segurança da Informação: proteção dos sistemas de informação contra a negação de serviço a usuários autorizados, assim como contra a intrusão, e a modificação desautorizada de dados ou informações, armazenados, em processamento ou em trânsito, abrangendo, inclusive, a segurança dos recursos humanos, da documentação e do material, das áreas e instalações das comunicações e computacional, assim como as destinadas a prevenir, detectar, deter e documentar eventuais ameaças a seu desenvolvimento. <ref>[http://www.biblioteca.presidencia.gov.br/publicacoes-oficiais-1/catalogo/orgao-essenciais/gabinete-de-seguranca-institucional/guia-de-referencia-para-seguranca-de-infraestruturas-criticas-da-informacao/at_download/file GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Decreto Nº 3.505, de 13 de junho de 2000. Presidência da República, Casa Civil, Subchefia para Assuntos Jurídicos. Institui a Política de Segurança da Informação nos órgãos e entidades da Administração Pública Federal. Brasília, 2000.]</ref><br /><br />Information Security is the protection of information systems against denial of service to authorised users, as well as against intrusion and unauthorised modification of data or information stored in processing or in transit, covering even the safety of human resources, documentation and material, of the areas and facilities of communications and computing, as well as to prevent, detect, deter and document any [[Threat|threats]] to its development.}} <br />
-====Czech Republic====
+====[[Croatia]]====
+{{definition|Informacijska sigurnost – stanje povjerljivosti, cjelovitosti i raspoloživosti podataka koje se postiže primjenom odgovarajućih sigurnosnih mjera.<br/><br/>Information security is the state of [[confidentiality]], [[integrity]] and [[availability]] of information, which is achieved by implementation of stipulated information security measures and standards and by organisational support for jobs of planning, implementation, assessment and update of measures and standards. <ref> [http://www.uvns.hr/en/about-us/glossary/information-security Article 2 of the Information Security Act]</ref> <ref> [https://esavjetovanja.gov.hr/ECon/MainScreen?entityId=1072 National Cyber Security Strategy draft (2015)]</ref>}}
+<br />
+====[[Czech Republic]]====
 {{definition|Bezpečností informací zajištění důvěrnosti, integrity a dostupnosti informací. <ref>http://www.nbu.cz/download/nodeid-1384/ Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)</ref><br/><br/>Security (protection) of [[confidentiality]], [[integrity]] and [[availability]] of information. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}}
 <br />
-====Croatia====
-{{definition|Informacijska sigurnost – stanje povjerljivosti, cjelovitosti i raspoloživosti podataka koje se postiže primjenom odgovarajućih sigurnosnih mjera.<br/><br/>Information security is the state of [[confidentiality]], [[integrity]] and [[availability]] of information, which is achieved by implementation of stipulated information security measures and standards and by organisational support for jobs of planning, implementation, assessment and update of measures and standards. <ref> [http://www.uvns.hr/en/about-us/glossary/information-security Article 2 of the Information Security Act]</ref> <ref> [https://esavjetovanja.gov.hr/ECon/MainScreen?entityId=1072 National Cyber Security Strategy draft (2015)]</ref>}}
-<br />
-==== Denmark ====
+==== [[Denmark]] ====
 {{definition|Informationssikkerhed er en bred betegnelse for de samlede for - anstaltninger til at sikre informationer i forhold til fortrolighed, integritet (ændring af data) og tilgængelighed. I arbejdet indgår blandt andet organisering af sikkerhedsarbejdet, påvirkning af adfærd, processer for behandling af data, styring af leverandører samt tekniske sikringsforanstaltninger. . <ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/DK_NCSS.pdf Danish Cyber Security Strategy, 2014]</ref>}}
 <br />
-====Finland====
+====[[Finland]]====
 {{definition|Tietoturva, tietoturvallisuus: järjestelyt, joilla pyritään varmistamaan tiedon saatavuus, eheys ja luottamuksellisuus.<br/><br/>Information Security are arrangements aiming at ensuring the [[availability]], [[integrity]] and [[confidentiality]] of information. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br />
-==== Germany ====
+==== [[Germany]] ====
 {{definition|''IT security'' is the condition in which [[availability]], [[integrity]] and [[confidentiality]] of information and [[Information Technology]] are ensured by appropriate [[safeguard|safeguards]]. <ref>Unpublished working glossary of UP KRITIS and BSI, 2014 </ref>}}<br />
-==== Jamaica ====
+==== [[Jamaica]] ====
 {{definition|Information security is the protection of information and [[Information System|information systems]] from unauthorized access, use, disclosure, [[disruption]], modification, or destruction. <ref>[http://www.mstem.gov.jm/sites/default/files/documents/Jamaica%20National%20Cyber%20Security%20Strategy.pdf Jamaica's National Cyber Security Strategy]</ref>}}
 Note: The terms information security, computer security and information assurance are understood for these purposes as being interchangeable. <br />
-====Montenegro====
+====[[Montenegro]]]====
 {{definition| Informaciona bezbjednost podrazumijeva stanje povjerljivosti, cjelovitosti i dostupnosti podataka. Informaciona bezbjednost se fokusira na podatke bez obzira na njihovu formu: elektronski, štampani ili drugi oblici podataka. <ref>[http://www.mid.gov.me/ResourceManager/FileDownload.aspx?rid=146722&rType=2&file=Strategija%20o%20bezbjednosti%202013-2017.pdf Strategija o bezbjednosti 2013-2017 (2012)]</ref><br /><br />Information security means the condition of confidentiality, integrity and availability of data. Information security focuses on data, regardless of their form: electronic, print or other forms of data.}}<br />
-==== Netherlands ====
+==== [[Netherlands]] ====
 {{definition|''Informatiebeveiliging'' is het behouden van de vertrouwelijkheid, integriteit en beschikbaarheid van informatie. <ref>NEN-ISO/IEC-27001 en 27002</ref>}}
 * Integriteit is de eigenschap dat de nauwkeurigheid en volledigheid van bedrijfsmiddelen wordt beveiligd.
@@ Line 52: / Line 54: @@
 {{definition|Information security is taking and maintaining a coherent set of [[Measure|measures]] to guarantee the [[availability]], [[integrity]] and [[confidentiality]] of information.<br/><br/>Het treffen en onderhouden van een samenhangend pakket aan maatregelen om de beschikbaarheid, integriteit en vertrouwelijkheid te borgen. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br />
-==== Norway ====
+==== [[Norway]] ====
-{{definition|ICT security is how business-critical electronic networks and systems that process data or communicate with each other are protected. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/cyber_security_strategy_norway.pdf Cyber Security Strategy for Norway (2012)]</ref><br />IKT-sikkerhet: Hvordan elektroniske nettverk og systemer som behandler data eller kommuniserer med hverandre, og som virksomhetene er avhengig av for å fungere effektivt, skal beskyttes.  <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/nasjonal_strategi_infosikkerhet.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref>}}<br />
+{{definition|IKT-sikkerhet: Hvordan elektroniske nettverk og systemer som behandler data eller kommuniserer med hverandre, og som virksomhetene er avhengig av for å fungere effektivt, skal beskyttes.  <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/nasjonal_strategi_infosikkerhet.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref><br/>ICT security is how business-critical electronic networks and systems that process data or communicate with each other are protected. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/cyber_security_strategy_norway.pdf Cyber Security Strategy for Norway (2012)]</ref>}}<br />
-====United States====
+====[[United States]]====
 {{definition|The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide [[confidentiality]], [[integrity]], and [[availability]]. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}}<br />
 ===Standard Definition===
-==== ISO/IEC 27000:2014 ====
+==== [[ISO|ISO/IEC 27000:2014]] ====
 {{definition|Preservation of [[confidentiality]], [[integrity]] and [[availability]] of information. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. In addition, other properties, such as [[authenticity]], accountability, [[non-repudiation]], and [[reliability]] can also be involved.}}
 <br />

Difference between revisions of "Information Security"

Revision as of 01:20, 19 July 2015

Contents

Definitions

European Definitions

Other International Definitions

NATO

United Nations

National Definitions

Austria

Brazil

Croatia

Czech Republic

Denmark

Finland

Germany

Jamaica

Montenegro]

Netherlands

Norway

United States

Standard Definition

ISO/IEC 27000:2014

Notes

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Actions

Fraunhofer-Wiki-Farm

Tools