Search results

==== [[ISO|ISO 22300:2012(en)]] ==== ...human acts, [[Natural Hazard|natural hazards]], and technical failures<ref>ISO 22300:2012(en) Societal security — Terminology</ref>}}

====[[ISO]]==== ...onsibilities, authorities and relationship to achieve its objectives. <ref>ISO 22301:2012</ref>}}<br />

== The International Organization for Standardization (ISO) has defined the following terms == {{#ask: [[Category:Main]][[defined by::ISO]] | format=category | limit=1000 }}

{{definition|Risk Criteria are terms of reference by which the significance or [[risk]] is assessed. <ref name="ENISAGlos"> [htt {{definition| Risk criteria are standards by which the results of [[Risk Assessment|risk assessments]] can be assessed.

...affect, be affected by, or perceive itself to be affected by, a [[risk]] (ISO/IEC Guide 73). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activitie ...ion that can affect, be affected by, or perceive themselves to be affected by a decision or activity.}}Key stakeholders of CIPRNet are: (1) Governmental

...|civilian]] health, safety, and property from [[emergency|emergencies]] as defined in the Civil Contingencies Act (2004) <ref name=UK>[https://www.gov.uk/gove ==== [[ISO|ISO 22300:2012(en)]] ====

{{definition|Harm: any adverse effects that would be experienced by an individual (i.e., that may be socially, physically, or financially damag ==== [[ISO]] ====

==== [[ISO|ISO standards]]==== ....org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Informatio

==== ISO 22300:2012(en) ==== ...of affected organizations, including efforts to reduce risk factors. <ref>ISO 22300:2012(en) Societal security — Terminology</ref>}}<br />

...ocess to find, list and characterize elements of [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit ...ikacija rizika je proces pronalaženja, prepoznavanja i opisivanja rizika. (ISO 31010) <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122

==== [[ISO|ISO 28002:2011]] ==== The definition included is the same as the one in ISO Guide 73 (see [[Organisational Resilience]]). However, the standard notes:

...le. Each new definition should be formatted as a heading level 4, followed by the unformatted text of the definition. An example follows below: --> ====[[ISO]]====

...the preservation and restoration of essential societal services. (Adapted by UNISDR <ref name="UNISDR">[http://www.unisdr.org/we/inform/terminology 2009 ==== [[ISO|ISO Guide 73:2009]] ====

...olerance may differ across an organization, but must be clearly understood by those making risk-related decisions.<br /><br/> ...ling to assume in order to achieve a potential desired result;<br/>(b) The defined impacts to an enterprise‘s information systems that an entity is willing

...ng power above a minimum defined value. This inability to transmit above a defined power level is termed Forced Outage Rate (F.O.R.).<br/> ...eliability: property of consistent intended behaviour and results. Source: ISO/IEC 27000:2018 <ref>[https://www.fsb.org/wp-content/uploads/P121118-1.pdf F

...(e.g. the capacity of a generator or the amount of electric power consumed by a consumer) and derived attributes (e.g. the load in a distribution line) w ...le. Each new definition should be formatted as a heading level 4, followed by the unformatted text of the definition. An example follows below:

...mplementation of [[Measure|measures]] to modify [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit ...eduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) <ref>[http://www.sama.gov.sa/

...the property that information was produced, issued, modified or destroyed by a certain individual, a system, agency or entity.}} <br /><br/> {{definition|Property that an entity is what it claims to be. Source: ISO/IEC 27000:2018. <ref>[https://www.fsb.org/wp-content/uploads/P121118-1.pdf

{{definition|“Asset" is defined as a person, structure, facility, information, material, equipment, network ==== [[ISO|ISO/IEC 27000:2012]] ====

...finition|Likelihood: The chance of an event or incident happening, whether defined, measured or determined objectively or subjectively.<br /><br />Vraisemblan ====[[ISO|ISO 73:2009]]====

==== [[ISO|ISO/PAS 22399:2007]] ==== ...ion location. <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=50295 ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and

...ent is an occurrence of a particular set of circumstances (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit {{definition|Event: includes both planned and unplanned activities run by, or on behalf of, an Australian Government agency. <ref>[https://www.protec

====[[ISO]]==== {{#set:defined by=NIAC|defined by=United States}}

==== [[ISO|ISO Guide 73:2009]] ==== ...between 0 and 1 where 0 is impossibility and 1 is absolute certainty. <ref>ISO Guide 73:2009</ref>}}<br />

...bability]] and [[Consequence|consequences]] of a [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos">[http://www.enisa.europa.eu/activiti ...lia|defined by=Canada|defined by=Czech Republic|defined by=Finland|defined by=Peru}}

==== ISO 22300:2012(en) ==== ...nd [[consequences]] of an [[incident]] and communication the results. <ref>ISO 22300:2012(en) Societal security — Terminology</ref>}}<br />

<big>The term “consequence” is not well-defined in the literature and confusion arises when compared to the terms "[[impact For example, the ISO definition found below is very general and does not distinguish between con

...sibility of exercising decisive influence on an undertaking, in particular by: (a) ownership or the right to use all or part of the assets of an undertak ...ity, combined with the capability to manage resources, in order to achieve defined objectives. <ref>[https://www.gov.uk/government/uploads/system/uploads/atta

{{definition|''ENISA uses the ISO definition, see below.'' <ref name="ENISAGlos"> [http://www.enisa.europa.eu ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ====

...risk criteria]] to determine the significance of [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit ...izika da se utvrdi da li se rizik i/ili njegova veličina mogu tolerisati. (ISO 31010) <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122

====[[ISO|ISO/IEC]]==== ...esult of damage to property or to the environment. <ref>[http://www.iso.ch ISO/IEC Guide 55:1999]</ref>}}<br/>

==== [[ISO|ISO 22300:2012(en)]] ==== ...inology</ref> <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=50038 ISO 22301:2012 Societal security -- Business continuity management systems ---

...eholder [G.50] views a risk [G.27], based on a set of values or concerns. (ISO/IEC Guide 73) <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities ====[[ISO|ISO Guide 73:2009(en)]] ====

{{definition|An approach to manage the uncertain nature of emergency risk by building resilience to all or multiple hazards. <ref>[https://www.emergency ...ent or event, natural or human caused, that requires an organized response by a public, private, and/or governmental entity in order to protect life, pub

...e mutual sharing of information such as experience, knowledge and know-how by transferring to associates and communicating among organizations and member {{definition|Information Sharing: The requirements for information sharing by an IT system with one or more other IT systems or applications, for informa

...is a hypothetical situation comprised of a [[hazard]], an entity impacted by that hazard, and associated conditions including consequences when appropri ==== [[ISO|ISO 22300:2012(en)]] ====

...biometrical traits (fingerprint). A higher security level can be achieved by the combination of different traits used for authentication.<br/><br/> ..., such as a token or PIN, is required in addition to the first one this is defined as 2-factor authentication. <ref>[https://digital.nhs.uk/services/data-and

...le. Each new definition should be formatted as a heading level 4, followed by the unformatted text of the definition. An example follows below: --> ...le. Each new definition should be formatted as a heading level 4, followed by the unformatted text of the definition. Enclose the name with [[ ]] to link

{{definition|The result of an unwanted incident (refers to [[ISO|ISO/IEC PDTR 13335-1]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/act ...is Positive and negative, primary and secondary longterm effects produced by a development intervention, directly or indirectly, intended or unintended.

...he data has been received or to protect the recipient against false denial by the sender that the data has been sent. <ref>[http://www.dgqadefence.gov.in ...urrence of a claimed event or action and its originating entities. Source: ISO/IEC 27000:2018 <ref>[https://www.fsb.org/wp-content/uploads/P121118-1.pdf F

...for secure telecommunications, ITU-T, Geneva (2012) - ITU-T H.235.</ref>}}By a ''direct attack'' on a system they exploit deficiencies in the underlying ...sed psychological attack on citizens or digital identity theft perpetrated by different techniques. <ref>[http://www.hopr.gov.et/c/document_library/get_f

* The representativeness heuristic involves making decisions by comparing the present situation to the most representative mental prototype <!--{#set:defined by=ISO}}-->

...of any negative [[consequence]] of a particular [[event]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit The EU EURAM project defined Risk mitigation as:

...anisation, (5) is out of the ordinary and/or (6) requires concerted action by several stakeholders. <ref>[https://www.msb.se/RibData/Filer/pdf/26621.pdf ====[[ISO/PAS 22399:2007]]====

==== [[ISO|ISO/IEC TR 27019:2013]] ====

...the scale and / or the duration of eventual society which is at [[risk]]; by reducing the [[vulnerability]] of its people, structures, services, and eco ...quence|consequences]] or both, associated with a [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit

==== [[ISO|ISO/IEC TR 27019:2013]] ==== ...Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility indust

{{definition|Activities undertaken by emergency services to protect populations, properties, infrastructure and t {{definition|''Civil defence'': The system of measures, usually run by a governmental agency, to protect the civilian population in wartime, to re

{{quote-ciprnet|Hazard is defined as the source of potential harm.}}<br/> ...n combination. In technical settings, hazards are described quantitatively by the likely frequency of occurrence of different intensities for different a

...management comprises the set of of measures and means (incl. preparations) by the public authorities in preparation for an [[Emergency|emergency]], in pr ==== [[ISO|ISO 22300:2012(en)]] ====

...on|Availability is the property of being accessible and usable upon demand by an authorized entity. <ref>[https://www-ns.iaea.org/downloads/security/nuc {{definition|The property of being accessible and useable upon demand by an authorized entity. <ref>ITU Security in Telecommunications and Informati

..., individual organisations and groups of organisations. Capacity is shaped by, adapting to and reacting to external factors and actors, but it is not som ...generally used to express the quantity of output(s) that can be delivered by a particular service over a period of time, and in some cases with indicati

...users for approved purposes the confidentiality requirement is determined by reference to the likely consequences of unauthorised disclosure of official ...ntiality: The ability to protect sensitive information from being accessed by unauthorized people. <ref>[https://www.cyber.gc.ca/en/glossary Glossary - C

...not been altered or destroyed in an unauthorized manner.}}Refers to [[ISO|ISO/IEC PDTR 13335-1]]. <ref name="ENISAGlos"> [http://www.enisa.europa.eu/acti ...: the assurance that information has been created, amended or deleted only by the intended authorised means – integrity relates to information and comm

...on|Recovery is those capabilities necessary to assist communities affected by an [[incident]] to recover effectively, including, but not limited to, rebu ==== ISO 22300:2012(en) ====

{{definition|Infrastructure is defined as: The framework of interdependent networks and systems comprising identif ====[[ISO]]====

...le level of [[risk]] at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with ...water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.</big><br />

...sset]] or group of assets and thereby cause [[harm]] to the organization (ISO/IEC PDTR 13335-1). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/acti {{#set:defined by=Dictionary}}

...lth, a [[threat]] is defined as a substance, condition or [[event]], which by its presence has the potential to rapidly [[harm]] an exposed population, s ...ely cause of harm to people, damage to property or harm to the environment by an individual or individuals with the motivation, intention and capability

...rty the burden of loss or benefit of gain, for a [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit ...ontingent credit facilities and reserve funds, where the costs are covered by premiums, investor contributions, interest rates and past savings, respecti

...ormation to identify sources and to estimate the [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activit ...rizika je proces razumijevanja prirode rizika i utvrđivanja nivoa rizika. (ISO 31010) <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA211220

{{definition|Emergency (''power grid'') means, as declared by the ISO, either: (i) any abnormal system condition which requires immediate manual ...altuuksien käyttö.<br/><br/>Emergency is a condition of the society, meant by the ''Preparedness Act'', which has so many or so serious incidents or [[th

...er | sistema de información | sistem informational | informatiesysteem) is defined in the following ways:<br/><br/> ...data, as well as computer data stored, processed, retrieved or transmitted by that device or group of devices for the purposes of its or their operation,

...], accountability, [[authenticity]], and [[reliability]] (refers to [[ISO|ISO/IEC WD 15443-1]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activ ...rastructure and the risk of loss due to a disruption in essential services by minimizing the vulnerability of critical infrastructure assets, systems and

...plementation of stipulated information security measures and standards and by organisational support for jobs of planning, implementation, assessment and

...]], and the likelihood that a specific [[vulnerability]] will be exploited by a particular [[threat]]. <ref>[http://eur-lex.europa.eu/LexUriServ/site/en/ {{definition|The probability of adverse effects caused by a hazardous phenomenon or substance in an organism, a population, or an eco

...lity or flaw of an asset, system, process or control that can be exploited by a cyber threat. <ref name="NIS Directive2">[https://eur-lex.europa.eu/eli/d ...ion, or operation that renders it susceptible to disruption or destruction by a [[threat]] and includes [[dependency|dependencies]] on other types of [[i

...the prevention of an [[accident]] or keeping the [[damage|damages]] caused by an accident as small as possible. -''unofficial translation''- <ref name=TS ...investing in preventive measures is justified in areas frequently affected by disasters. <ref>[http://www.nemo.gov.lc/DRRProfile.pdf Disaster Risk Reduc

{{definition|A plan prepared by an authority defining what kind of rescue unit is needed to stabilise an [[ {{definition|Response is defined as the actions taken immediately before, during and/or directly after an [[

...tential loss or disruption of the provision of an essential service caused by that incident. <ref name=2557ojEN>https://eur-lex.europa.eu/eli/dir/2022/25 ...assessment is a methodology to determine the nature and extent of [[risk]] by analysing potential [[hazard|hazards]] and evaluating existing conditions o

...le. Each new definition should be formatted as a heading level 4, followed by the unformatted text of the definition. An example follows below: ...o con un método definido, con el fin de obtener los resultados esperados. (ISO).<br/><br/>El ejercicio de colaboración entre organizaciones para intercam

...iality of stored, transmitted or processed data or of the services offered by, or accessible via, network and information systems. <ref name=2555ojEN>ht ...f stored, transmitted or processed data or of the related services offered by, or accessible via, network and information systems. <ref name="NIS Directi

...ing in [[disruption]], [[damage]] and casualties, which cannot be relieved by the unaided capacity of locally, mobilised resources. <ref>[http://www.euro {{definition|A term describing an event that can be defined spatially and geographically, but that demands observation to produce evide

...заявки, отколкото може да поеме.<br/><br/>[CS] Distribuované odepření služby (DDoS, Distributed Denial of Service): Kybernetický útok zabraňující o ...Denial of Service (DDoS): the intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers.

...fyzická alebo právnická osoba zodpovedná za prevádzku, zabezpečovanie údržby, a rozvoj prenosovej sústavy v danej oblasti a prípadne aj rozvoj jej pre ...defined by=ENTSO-E|defined by=ENTSOG|defined by=EU|defined by=NERC|defined by=IEC}}

{{definition|Cybercrime consists of criminal acts that are committed online by using electronic communications networks and information systems. It is a b ...informační systémy (např. útoky na informační systémy, útoky odepření služby a malware).<br/><br/>[DE] Cyberkriminalität: Unterschiedliche kriminelle A

...fyzická alebo právnická osoba zodpovedná za prevádzku, zabezpečovanie údržby, a v prípade potreby rozvoj distribučnej sústavy v danej oblasti a príp ...the Distribution Provider. Thus, the Distribution Provider is not defined by a specific voltage, but rather as performing the distribution function at a

...information systems, the users of such systems, and other persons affected by cyber threats. <ref name=CSact>[https://eur-lex.europa.eu/eli/reg/2019/881/ ...nd [[integrity]] of information that is processed, stored and communicated by electronic or similar means. <ref>[http://www.ag.gov.au/RightsAndProtection

...ktura: Fyzické zdroje, služby a zařízení, jejichž nefunkčnost nebo zničení by mělo vážný dopad na fungování hospodářství a společnosti.<br/><br ...also referred to as nationally significant infrastructure, can be broadly defined as the systems, assets, facilities and networks that provide essential serv

...environment formed by physical and non-physical components, characterized by the use of computers and the electromagnetic spectrum, to store, modify, an ...able of creating, processing and processing exchange information generated by systems, information society services, as well and electronic communication