Difference between revisions of "Threat"
Jump to navigation
Jump to search
(→Canada) |
(→Definitions) |
||
| Line 6: | Line 6: | ||
<big>The European Commission's CBRN Glossary<ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref> defines threat as</big> | <big>The European Commission's CBRN Glossary<ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref> defines threat as</big> | ||
| − | {{definition|The [[likelihood]] of occurrence of a [[hazard]] or [[event]] with a harmful [[effect]]. In contrast to [[risk]], a threat is not related to the [[impact]] it may cause. In the context of public health, a [[threat]] is defined as a substance, condition or [[event]], which by its presence has the potential to rapidly [[harm]] an exposed population, sufficiently lead to a major [[crisis]]<ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref> | + | {{definition|The [[likelihood]] of occurrence of a [[hazard]] or [[event]] with a harmful [[effect]]. In contrast to [[risk]], a threat is not related to the [[impact]] it may cause. In the context of public health, a [[threat]] is defined as a substance, condition or [[event]], which by its presence has the potential to rapidly [[harm]] an exposed population, sufficiently lead to a major [[crisis]]. <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}} |
<br /> | <br /> | ||
=== Other International Definitions === | === Other International Definitions === | ||
==== NATO CEP / EAPC ==== | ==== NATO CEP / EAPC ==== | ||
| − | {{definition|A threat is any [[event]] that has the potential to disrupt or destroy [[Critical Infrastructure|critical infrastructure]], or any element thereof. <ref>NATO EAPC(SCEPC) lexicon 2003.</ref> | + | {{definition|A threat is any [[event]] that has the potential to disrupt or destroy [[Critical Infrastructure|critical infrastructure]], or any element thereof. <ref>NATO EAPC(SCEPC) lexicon 2003.</ref>}} |
<big>An [[Αll Ηazards]] approach to threat includes accidents, [[Natural Hazard|natural hazards]] as well as deliberate attacks.</big><br /> | <big>An [[Αll Ηazards]] approach to threat includes accidents, [[Natural Hazard|natural hazards]] as well as deliberate attacks.</big><br /> | ||
==== EU Project VITA ==== | ==== EU Project VITA ==== | ||
| − | {{definition|A threat is a source of impending [[danger]] or [[harm]]. <ref>EU VITA deliverable.</ref> | + | {{definition|A threat is a source of impending [[danger]] or [[harm]]. <ref>EU VITA deliverable.</ref>}} |
<big>The semantics of that definition in the context of [[CI]] is that a [[threat]] to a [[CI]] may give rise to serious [[consequence|consequences]] to critical societal functions, including the supply chain, health, [[Safety|safety]], [[Security|security]], economic or social well-being of people.</big> | <big>The semantics of that definition in the context of [[CI]] is that a [[threat]] to a [[CI]] may give rise to serious [[consequence|consequences]] to critical societal functions, including the supply chain, health, [[Safety|safety]], [[Security|security]], economic or social well-being of people.</big> | ||
<br /> | <br /> | ||
| Line 26: | Line 26: | ||
====Czech Republic==== | ====Czech Republic==== | ||
| − | {{definition|Potential cause of an unwanted incident which may result in damage to a system or organization (Potenciální příčina nechtěného incidentu, jehož výsledkem může být poškození systému nebo organizace | + | {{definition|Potential cause of an unwanted incident which may result in damage to a system or organization (Potenciální příčina nechtěného incidentu, jehož výsledkem může být poškození systému nebo organizace). <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}} |
<br /> | <br /> | ||
==== France ==== | ==== France ==== | ||
| − | {{definition|(in French) Menace: tout événement physique, phénomène ou activité humaine potentiellement préjudiciable, susceptible de provoquer des décès ou des lésions corporelles, des dégâts matériels ou immatériels, des perturbations sociales et économiques ou une détérioration de l’environnement. Pour la démarche de sécurité des secteurs d’activités d’importance vitale, les menaces seront réputées avoir un caractère malveillant ou être de nature terroriste <ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref> | + | {{definition|(in French) Menace: tout événement physique, phénomène ou activité humaine potentiellement préjudiciable, susceptible de provoquer des décès ou des lésions corporelles, des dégâts matériels ou immatériels, des perturbations sociales et économiques ou une détérioration de l’environnement. Pour la démarche de sécurité des secteurs d’activités d’importance vitale, les menaces seront réputées avoir un caractère malveillant ou être de nature terroriste. <ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref>}} |
<big> | <big> | ||
A non-official translation is the following:</big> | A non-official translation is the following:</big> | ||
{{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /> | {{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /> | ||
====Kingdom of Saudi Arabia==== | ====Kingdom of Saudi Arabia==== | ||
| − | {{definition|Threat is an agent that exploits security vulnerabilities and risks.<ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} | + | {{definition|Threat is an agent that exploits security vulnerabilities and risks. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} |
<br /> | <br /> | ||
| + | |||
| + | ====United Kingdom (UK)==== | ||
| + | {{definition|Threat is the intent and capacity to cause loss of life or create adverse consequences to human welfare (including property and the supply of essential services and commodities), the environment or security. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /> | ||
==== United States ==== | ==== United States ==== | ||
=====DHS===== | =====DHS===== | ||
| − | {{definition|A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to [[harm]] life, information, operations, the environment, and/or property <ref> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref> | + | {{definition|A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to [[harm]] life, information, operations, the environment, and/or property. <ref> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}} |
=====NIST===== | =====NIST===== | ||
| − | {{definition|Any circumstance or event with the potential to adversely [[impact]] organizational operations (including mission, functions, image, or reputation), organizational [[assets]], individuals, other organizations, or the Nation through an information system via unauthorized access,destruction, disclosure, modification of information, and/or denial of service.<ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} <br /> | + | {{definition|Any circumstance or event with the potential to adversely [[impact]] organizational operations (including mission, functions, image, or reputation), organizational [[assets]], individuals, other organizations, or the Nation through an information system via unauthorized access,destruction, disclosure, modification of information, and/or denial of service. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} <br /> |
<br /> | <br /> | ||
| Line 53: | Line 56: | ||
=== Standard Definitions === | === Standard Definitions === | ||
==== ISO/PAS 22399:2007 ==== | ==== ISO/PAS 22399:2007 ==== | ||
| − | {{definition|Potential cause of an unwanted [[incident]], which may result in [[harm]] to individuals, a [[system]] or organization, the environment or the community <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=50295 ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.]</ref> | + | {{definition|Potential cause of an unwanted [[incident]], which may result in [[harm]] to individuals, a [[system]] or organization, the environment or the community. <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=50295 ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.]</ref>}} |
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
| − | {{definition|Potential cause of an unwanted [[incident]], which may result in harm to a [[system]] or organization <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> | + | {{definition|Potential cause of an unwanted [[incident]], which may result in [[harm]] to a [[system]] or organization. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}} |
<br /> | <br /> | ||
Revision as of 00:12, 25 May 2015
The definitions of "Threat" and "Hazard" are very similar, so maybe the terms do not need to be distinguished. A CI-specific usage example for the above terms can be found on the "Hazard" entry.
Contents
Definitions
European Definitions
Any indication, circumstance, or event with the potential to disrupt or destroy CI, or any element thereof. [1]
The European Commission's CBRN Glossary[2] defines threat as
The likelihood of occurrence of a hazard or event with a harmful effect. In contrast to risk, a threat is not related to the impact it may cause. In the context of public health, a threat is defined as a substance, condition or event, which by its presence has the potential to rapidly harm an exposed population, sufficiently lead to a major crisis. [2]
Other International Definitions
NATO CEP / EAPC
A threat is any event that has the potential to disrupt or destroy critical infrastructure, or any element thereof. [3]
An Αll Ηazards approach to threat includes accidents, natural hazards as well as deliberate attacks.
EU Project VITA
The semantics of that definition in the context of CI is that a threat to a CI may give rise to serious consequences to critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people.
National Definitions
Canada
Threat is the presence of a hazard and an exposure pathway. [5]
Threats may be natural or human-induced, either accidental or intentional.
Czech Republic
Potential cause of an unwanted incident which may result in damage to a system or organization (Potenciální příčina nechtěného incidentu, jehož výsledkem může být poškození systému nebo organizace). [6]
France
(in French) Menace: tout événement physique, phénomène ou activité humaine potentiellement préjudiciable, susceptible de provoquer des décès ou des lésions corporelles, des dégâts matériels ou immatériels, des perturbations sociales et économiques ou une détérioration de l’environnement. Pour la démarche de sécurité des secteurs d’activités d’importance vitale, les menaces seront réputées avoir un caractère malveillant ou être de nature terroriste. [7]
A non-official translation is the following:
Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial damage, social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors (CI-sectors), threats will be considered as having a malicious character or as terrorist activities.
Kingdom of Saudi Arabia
Threat is an agent that exploits security vulnerabilities and risks. [8]
United Kingdom (UK)
Threat is the intent and capacity to cause loss of life or create adverse consequences to human welfare (including property and the supply of essential services and commodities), the environment or security. [9]
United States
DHS
A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property. [10]
NIST
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access,destruction, disclosure, modification of information, and/or denial of service. [11]
Other Definitions
Ontario (Canada)
Menace: personne, chose ou événement considéré comme une cause probable de préjudice ou de dommage. [13]
Standard Definitions
ISO/PAS 22399:2007
Potential cause of an unwanted incident, which may result in harm to individuals, a system or organization, the environment or the community. [14]
ISO/IEC 27000:2014
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ 2.0 2.1 European Commission's CBRN Glossary, 2012
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ EU VITA deliverable.
- ↑ [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)
- ↑ Cyber Security Explanatory Glossary (2013)
- ↑ INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- ↑ Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
- ↑ Province of Ontario’s Emergency Management Glossary of Terms
- ↑ Province of Ontario’s Emergency Management Glossary of Terms
- ↑ ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
