Difference between revisions of "Threat"
m (→NIST) |
|||
Line 43: | Line 43: | ||
A non-official translation is the following:</big> | A non-official translation is the following:</big> | ||
{{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /> | {{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /> | ||
+ | ====India==== | ||
+ | {{definition|Threats is a circumstance or [[event]] with the potential to cause [[harm]] to a system, including the destruction, unauthorised disclosure, or modification of data and/or denial of service. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}}Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific “state" to be preserved under various operations. <br /> | ||
====Kingdom of Saudi Arabia==== | ====Kingdom of Saudi Arabia==== | ||
{{definition|Threat is an agent that exploits security vulnerabilities and risks. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} | {{definition|Threat is an agent that exploits security vulnerabilities and risks. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} | ||
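Review bot: In the added India entry, the two sentences after the closing `}}` ("Absolute security is impossible to achieve in practice ...") sit outside the {{definition}} template and after the <ref>, so they render as uncited running text and do not themselves define "threat". If they are quoted from the DGQA policy, move them inside the template ahead of the <ref>; otherwise drop them. The definition also opens with "Threats is a circumstance", which should read "A threat is a circumstance" unless it is a verbatim quote, and the quotation marks around “state" are mismatched.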
Line 87: | Line 89: | ||
[[Category:Threat]] | [[Category:Threat]] | ||
[[Category:Infrastructure]][[Category:Policy]] | [[Category:Infrastructure]][[Category:Policy]] | ||
− | {{#set:defined by=EU|defined by=NATO|defined by=ITU-T|defined by=EU project|defined by=Brazil|defined by=Canada|defined by=Czech Republic|defined by=France|defined by=Kingdom of Saudi Arabia|defined by=Norway|defined by=Republic of Trinidad & Tobago|defined by=Singapore|defined by=United Kingdom|defined by=United States|defined by=ISO|defined by=NIST}} | + | {{#set:defined by=EU|defined by=NATO|defined by=ITU-T|defined by=EU project|defined by=Brazil|defined by=Canada|defined by=Czech Republic|defined by=France|defined by=India|defined by=Kingdom of Saudi Arabia|defined by=Norway|defined by=Republic of Trinidad & Tobago|defined by=Singapore|defined by=United Kingdom|defined by=United States|defined by=ISO|defined by=NIST}} |
Revision as of 02:06, 28 June 2015
The definitions of "Threat" and "Hazard" are very similar, so maybe the terms do not need to be distinguished. A CI-specific usage example for the above terms can be found on the "Hazard" entry.
Definitions
European Definitions
The European Commission's CBRN Glossary[2] defines threat as
Other International Definitions
ITU-T
NATO CEP / EAPC
An All Hazards approach to threat includes accidents, natural hazards as well as deliberate attacks.
EU Project VITA
The semantics of that definition in the context of CI is that a threat to a CI may give rise to serious consequences to critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people.
National Definitions
Brazil
Threat is the potential cause of an undesired incident which may result in harm to a system or organisation.
Canada
Presence of a hazard and an exposure pathway. [9] [10]
Threats may be natural or human-induced, either accidental or intentional.
Czech Republic
France
A non-official translation is the following:
India
Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific "state" to be preserved under various operations.
Kingdom of Saudi Arabia
Norway
Threat actor (Trusselaktør): an entity that poses a real or potential threat to an identifiable target or within a delimited and identifiable context. [16]
Republic of Trinidad & Tobago
Singapore
United Kingdom (UK)
United States
DHS
NIST
Other Definitions
Ontario (Canada)
Threat (Menace): a person, thing or event regarded as a likely cause of harm or damage. [22]
Standard Definitions
ISO/PAS 22399:2007
ISO/IEC 27000:2014
See also
Notes
1. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
2. European Commission's CBRN Glossary, 2012
3. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X.800.
4. Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
5. Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
6. NATO EAPC(SCEPC) lexicon 2003.
7. EU VITA deliverable.
8. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
9. [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)]
10. Vocabulaire de la gestion des urgences/Emergency Management Vocabulary 281 (2012)
11. Cyber Security Explanatory Glossary (2013)
12. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
13. India's DGQA Cyber Security Policy (2015)
14. Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
15. Cyber Security Strategy for Norway (2012)
16. Nasjonal strategi for informasjonssikkerhet (2012)
17. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
18. Singapore Standard SS 540: 2008 on Business Continuity
19. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
20. DHS Risk Lexicon 2010 Edition, September 2010
21. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
22. Province of Ontario’s Emergency Management Glossary of Terms
23. ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.
24. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary