Difference between revisions of "Threat"
(→Japan) |
|||
Line 29: | Line 29: | ||
==== [[Albania]] ==== | ==== [[Albania]] ==== | ||
{{definition|Kërcënim/sulm kibernetik (threat/cyber attack) – konsiderohet çdo përpjekje e drejtuar/qëllimshme për të marrë akses, manipuluar, ndërhyrë ose dëmtuar integritetin, konfidencialitetin, sigurinë dhe/ose disponibilitetin e të dhënave, të një aplikimi ose të të dhënave të sistemit kompjuterik, pa patur autoritet ligjor për ta bërë këtë. <ref>[http://www.cirt.gov.al/images/dokumenta/Dokumenti%20i%20Politikave%20per%20Sigurine%20Kibernetike%202015-2017.pdf Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017]</ref>}} | {{definition|Kërcënim/sulm kibernetik (threat/cyber attack) – konsiderohet çdo përpjekje e drejtuar/qëllimshme për të marrë akses, manipuluar, ndërhyrë ose dëmtuar integritetin, konfidencialitetin, sigurinë dhe/ose disponibilitetin e të dhënave, të një aplikimi ose të të dhënave të sistemit kompjuterik, pa patur autoritet ligjor për ta bërë këtë. <ref>[http://www.cirt.gov.al/images/dokumenta/Dokumenti%20i%20Politikave%20per%20Sigurine%20Kibernetike%202015-2017.pdf Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017]</ref>}} | ||
− | <br /> | + | <br /><br/> |
− | + | ==== [[Argentina]] ==== | |
+ | {{definition|Amenaza: Una causa potencial de un [[Incident|incidente]] no deseado, el cual puede ocasionar daños a un sistema u organización. | ||
+ | <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}<br/><br/> | ||
==== [[Brazil]] ==== | ==== [[Brazil]] ==== | ||
− | {{definition| Ameaça: causa potencial de um incidente indesejado, que pode resultar em dano para um sistema ou organização. <ref>[http://www.biblioteca.presidencia.gov.br/publicacoes-oficiais-1/catalogo/orgao-essenciais/gabinete-de-seguranca-institucional/guia-de-referencia-para-seguranca-de-infraestruturas-criticas-da-informacao/at_download/file GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)]</ref><br /><br/>Threat is the cause potential of an undesired [[incident]] which may result in [[harm]] to a system or organisation.}} <br /> | + | {{definition| Ameaça: causa potencial de um incidente indesejado, que pode resultar em dano para um sistema ou organização. <ref>[http://www.biblioteca.presidencia.gov.br/publicacoes-oficiais-1/catalogo/orgao-essenciais/gabinete-de-seguranca-institucional/guia-de-referencia-para-seguranca-de-infraestruturas-criticas-da-informacao/at_download/file GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)]</ref><br /><br/>Threat is the cause potential of an undesired [[incident]] which may result in [[harm]] to a system or organisation.}} <br /><br/> |
==== [[Canada]] ==== | ==== [[Canada]] ==== | ||
Line 41: | Line 43: | ||
==== [[Colombia]] ==== | ==== [[Colombia]] ==== | ||
{{definition|Amenaza: Violación potencial de la seguridad (Potential violation of safety) <ref>[https://www.unodc.org/res/cld/lessons-learned/col/lineamientos-de-politica-para-ciberseguridad-y-ciberdefensa_html/Lineamientos_de_politica_para_ciberseguridad_y_ciberdefensa.pdf Lineamientos de política para ciberseguridad y ciberdefensa (2011)]</ref><br/><br/>Amenaza informática: La aparición de una situación potencial o actual donde un agente tiene la capacidad de generar una agresión cibernética contra la población, el territorio y la organización política del Estado (Ministerio de Defensa de Colombia)}} | {{definition|Amenaza: Violación potencial de la seguridad (Potential violation of safety) <ref>[https://www.unodc.org/res/cld/lessons-learned/col/lineamientos-de-politica-para-ciberseguridad-y-ciberdefensa_html/Lineamientos_de_politica_para_ciberseguridad_y_ciberdefensa.pdf Lineamientos de política para ciberseguridad y ciberdefensa (2011)]</ref><br/><br/>Amenaza informática: La aparición de una situación potencial o actual donde un agente tiene la capacidad de generar una agresión cibernética contra la población, el territorio y la organización política del Estado (Ministerio de Defensa de Colombia)}} | ||
− | <br /> | + | <br /><br/> |
====[[Czech Republic]]==== | ====[[Czech Republic]]==== | ||
{{definition|Potenciální příčina nechtěného incidentu, jehož výsledkem může být poškození systému nebo organizace. <ref>[http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Potential cause of an unwanted incident which may result in damage to a system or organization. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}} | {{definition|Potenciální příčina nechtěného incidentu, jehož výsledkem může být poškození systému nebo organizace. <ref>[http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Potential cause of an unwanted incident which may result in damage to a system or organization. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}} | ||
− | <br /> | + | <br /><br/> |
====[[Finland]]==== | ====[[Finland]]==== | ||
− | {{definition|Uhka: mahdollisesti toteutuva haitallinen tapahtuma tai kehityskulku.<br/><br/>Threat is possibly realising adverse [[event]] or development. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /> | + | {{definition|Uhka: mahdollisesti toteutuva haitallinen tapahtuma tai kehityskulku.<br/><br/>Threat is possibly realising adverse [[event]] or development. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /><be/> |
==== [[France]] ==== | ==== [[France]] ==== | ||
{{definition|(in French) Menace: tout événement physique, phénomène ou activité humaine potentiellement préjudiciable, susceptible de provoquer des décès ou des lésions corporelles, des dégâts matériels ou immatériels, des perturbations sociales et économiques ou une détérioration de l’environnement. Pour la démarche de sécurité des secteurs d’activités d’importance vitale, les menaces seront réputées avoir un caractère malveillant ou être de nature terroriste. <ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref>}} | {{definition|(in French) Menace: tout événement physique, phénomène ou activité humaine potentiellement préjudiciable, susceptible de provoquer des décès ou des lésions corporelles, des dégâts matériels ou immatériels, des perturbations sociales et économiques ou une détérioration de l’environnement. Pour la démarche de sécurité des secteurs d’activités d’importance vitale, les menaces seront réputées avoir un caractère malveillant ou être de nature terroriste. <ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref>}} | ||
<big> | <big> | ||
A non-official translation is the following:</big> | A non-official translation is the following:</big> | ||
− | {{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /> | + | {{definition|Any physical event, phenomenon or human activities potentially harmful, that could cause death or injuries, material or immaterial [[damage]], social and economic disruption or environmental degradation. Meant for a security approach of vital activity sectors ([[CI]]-sectors), [[threat]]s will be considered as having a malicious character or as terrorist activities.}}<br /><br/> |
==== [[Germany]] ==== | ==== [[Germany]] ==== | ||
− | {{definition|Eine Bedrohung ist ganz allgemein ein Umstand oder Ereignis, durch den oder das ein Schaden entstehen kann. <ref>[https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/Glossar/glossar_node.html Glossar und Begriffsdefinitionen BSI]</ref>}} Der Schaden bezieht sich dabei auf einen konkreten Wert wie Vermögen, Wissen, Gegenstände oder Gesundheit. Übertragen in die Welt der Informationstechnik ist eine Bedrohung ein Umstand oder Ereignis, der oder das die Verfügbarkeit, Integrität oder Vertraulichkeit von Informationen beeinträchtigen kann, wodurch dem Besitzer bzw. Benutzer der Informationen ein Schaden entstehen kann. Beispiele für Bedrohungen sind höhere Gewalt, menschliche Fehlhandlungen, technisches Versagen oder vorsätzliche Handlungen. Trifft eine Bedrohung auf eine Schwachstelle (insbesondere technische oder organisatorische Mängel), so entsteht eine Gefährdung.<br/> | + | {{definition|Eine Bedrohung ist ganz allgemein ein Umstand oder Ereignis, durch den oder das ein Schaden entstehen kann. <ref>[https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/Glossar/glossar_node.html Glossar und Begriffsdefinitionen BSI]</ref>}} Der Schaden bezieht sich dabei auf einen konkreten Wert wie Vermögen, Wissen, Gegenstände oder Gesundheit. Übertragen in die Welt der Informationstechnik ist eine Bedrohung ein Umstand oder Ereignis, der oder das die Verfügbarkeit, Integrität oder Vertraulichkeit von Informationen beeinträchtigen kann, wodurch dem Besitzer bzw. Benutzer der Informationen ein Schaden entstehen kann. Beispiele für Bedrohungen sind höhere Gewalt, menschliche Fehlhandlungen, technisches Versagen oder vorsätzliche Handlungen. Trifft eine Bedrohung auf eine Schwachstelle (insbesondere technische oder organisatorische Mängel), so entsteht eine Gefährdung.<br/><br/> |
====[[India]]==== | ====[[India]]==== | ||
− | {{definition|Threat is a circumstance or [[event]] with the potential to cause [[harm]] to a system, including the destruction, unauthorised disclosure, or modification of data and/or denial of service. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> | + | {{definition|Threat is a circumstance or [[event]] with the potential to cause [[harm]] to a system, including the destruction, unauthorised disclosure, or modification of data and/or denial of service. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /><br/> |
==== [[Japan]] ==== | ==== [[Japan]] ==== | ||
− | {{definition|脅威: セキュリティの侵害についての潜在的可能性。これは、セキュリティを侵害し、加害をもたらす可能性がある状況、能力、行為もしくはイベントがあるとき存在する. <br/><br/>(Cyber) Threat is a potential for violation of [[security]], which exists when there is a circumstance, [[capability]], action, or [[event]] that could breach security and cause [[harm]]. <ref>[http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation)]</ref>}}<br/> | + | {{definition|脅威: セキュリティの侵害についての潜在的可能性。これは、セキュリティを侵害し、加害をもたらす可能性がある状況、能力、行為もしくはイベントがあるとき存在する. <br/><br/>(Cyber) Threat is a potential for violation of [[security]], which exists when there is a circumstance, [[capability]], action, or [[event]] that could breach security and cause [[harm]]. <ref>[http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation)]</ref>}}<br/><br/> |
====[[Kingdom of Saudi Arabia]]==== | ====[[Kingdom of Saudi Arabia]]==== | ||
{{definition|Threat is an agent that exploits security vulnerabilities and risks. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} | {{definition|Threat is an agent that exploits security vulnerabilities and risks. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} | ||
− | <br /> | + | <br /><br/> |
==== [[Netherlands]]==== | ==== [[Netherlands]]==== | ||
− | {{definition|A threat is an [[event]] or a process which potentially can lead to an [[incident]].<br/><br/>Een gebeurtenis of een proces die in potentie tot een incident kan leiden. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref><br/><br/>Het hogere doel (intentie) kan zijn het verstevigen van de concurrentiepositie; politiek/landelijk gewin, maatschappelijke ontwrichting of levensbedreiging. <ref>[https://www.ncsc.nl/binaries/content/documents/ncsc-nl/actueel/cybersecuritybeeld-nederland/cybersecuritybeeld-nederland-5/1/CSBN5.pdf NCSC, Cyber Security Beeld Nederland 5 (2015)]</ref>}}<br /> | + | {{definition|A threat is an [[event]] or a process which potentially can lead to an [[incident]].<br/><br/>Een gebeurtenis of een proces die in potentie tot een incident kan leiden. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref><br/><br/>Het hogere doel (intentie) kan zijn het verstevigen van de concurrentiepositie; politiek/landelijk gewin, maatschappelijke ontwrichting of levensbedreiging. <ref>[https://www.ncsc.nl/binaries/content/documents/ncsc-nl/actueel/cybersecuritybeeld-nederland/cybersecuritybeeld-nederland-5/1/CSBN5.pdf NCSC, Cyber Security Beeld Nederland 5 (2015)]</ref>}}<br /><br/> |
==== [[Norway]] ==== | ==== [[Norway]] ==== | ||
− | {{definition|Trusselaktør: entitet som utgjør en reell eller potensiell trussel mot et identifiserbart mål eller i en avgrenset og identifiserbar sammenheng. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/nasjonal_strategi_infosikkerhet.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref><br /><br/>Threat: an entity that constitutes a real or potential threat to an identifiable goal or in a limited and identifiable context. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/cyber_security_strategy_norway.pdf Cyber Security Strategy for Norway (2012)]</ref>}}<br /> | + | {{definition|Trusselaktør: entitet som utgjør en reell eller potensiell trussel mot et identifiserbart mål eller i en avgrenset og identifiserbar sammenheng. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/nasjonal_strategi_infosikkerhet.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref><br /><br/>Threat: an entity that constitutes a real or potential threat to an identifiable goal or in a limited and identifiable context. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/cyber_security_strategy_norway.pdf Cyber Security Strategy for Norway (2012)]</ref>}}<br /><br/> |
==== [[Philippines]] ==== | ==== [[Philippines]] ==== | ||
− | {{definition|Cyber threats are [[Event|events]], situations and conditions that tend to reduce, degrade and destroy digital infrastructures. <ref>[https://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Philippine_2005_National%20Cyber%20Security%20Plan%202005.pdf Philippine National Cyber Security Plan 2005]</ref>}}<br /> | + | {{definition|Cyber threats are [[Event|events]], situations and conditions that tend to reduce, degrade and destroy digital infrastructures. <ref>[https://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Philippine_2005_National%20Cyber%20Security%20Plan%202005.pdf Philippine National Cyber Security Plan 2005]</ref>}}<br /><br/> |
==== [[Republic of Trinidad & Tobago]] ==== | ==== [[Republic of Trinidad & Tobago]] ==== | ||
− | {{definition|A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br /> | + | {{definition|A natural or manmade occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br /><br/> |
====[[Singapore]]==== | ====[[Singapore]]==== | ||
− | {{definition|A man-made or natural situation or condition that can cause disruption to an organization’s operations or services. <ref>Singapore Standard SS 540: 2008 on Business Continuity</ref>}}<br /> | + | {{definition|A man-made or natural situation or condition that can cause disruption to an organization’s operations or services. <ref>Singapore Standard SS 540: 2008 on Business Continuity</ref>}}<br /><br/> |
==== [[Switzerland]]==== | ==== [[Switzerland]]==== | ||
{{definition|Als Gefährdung wird eine konkrete Gefahr bezeichnet, die für ein konkretes Schutzgut besteht. <ref>[http://www.bevoelkerungsschutz.admin.ch/internet/bs/de/home/themen/ski/leitfaden.parsysrelated1.85483.DownloadFile.tmp/leitfadenski2015de.pdf Leitfaden Schutz kritischer Infrastrukturen 2015]</ref>}} | {{definition|Als Gefährdung wird eine konkrete Gefahr bezeichnet, die für ein konkretes Schutzgut besteht. <ref>[http://www.bevoelkerungsschutz.admin.ch/internet/bs/de/home/themen/ski/leitfaden.parsysrelated1.85483.DownloadFile.tmp/leitfadenski2015de.pdf Leitfaden Schutz kritischer Infrastrukturen 2015]</ref>}} | ||
− | Die Gefährdung entspricht daher einem potentiellen Ereignis oder einer potentiellen Entwicklung mit möglichen Auswirkungen für ein Schutzgut.<br/> | + | Die Gefährdung entspricht daher einem potentiellen Ereignis oder einer potentiellen Entwicklung mit möglichen Auswirkungen für ein Schutzgut.<br/><br/> |
==== [[Turkey]]==== | ==== [[Turkey]]==== | ||
− | {{definition|Tehdit: Bir kurumun veya sistemin zarar görmesi ile sonuçlanabilecek istenmeyen bir olayın potansiyel nedenini <ref>[http://www.udhb.gov.tr/doc/siberg/2016-2019guvenlik.pdf 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (National Cyber Security Strategy 2016-2019, Sept. 2016)]</ref>}}<br/> | + | {{definition|Tehdit: Bir kurumun veya sistemin zarar görmesi ile sonuçlanabilecek istenmeyen bir olayın potansiyel nedenini <ref>[http://www.udhb.gov.tr/doc/siberg/2016-2019guvenlik.pdf 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (National Cyber Security Strategy 2016-2019, Sept. 2016)]</ref>}}<br/><br/> |
====[[United Kingdom|United Kingdom (UK)]]==== | ====[[United Kingdom|United Kingdom (UK)]]==== | ||
− | {{definition|Threat is the intent and capacity to cause loss of life or create adverse [[consequence]]s to human welfare (including property and the supply of [[Vital Services|essential services]] and commodities), the environment or [[security]]. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /> | + | {{definition|Threat is the intent and capacity to cause loss of life or create adverse [[consequence]]s to human welfare (including property and the supply of [[Vital Services|essential services]] and commodities), the environment or [[security]]. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /><br/> |
==== [[United States]] ==== | ==== [[United States]] ==== | ||
Line 96: | Line 98: | ||
{{definition|'''Advanced Persistent Threat''' (APT): An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}} | {{definition|'''Advanced Persistent Threat''' (APT): An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}} | ||
These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. | These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. | ||
− | <br/> | + | <br/><br/> |
==== [[Uruguay]]==== | ==== [[Uruguay]]==== | ||
Line 130: | Line 132: | ||
[[Category:Threat]] | [[Category:Threat]] | ||
[[Category:Infrastructure]][[Category:Policy]] | [[Category:Infrastructure]][[Category:Policy]] | ||
− | {{#set:defined by=EU|defined by=ENISA|defined by=NATO|defined by=ITU-T|defined by=EU project|defined by=Albania|defined by=Brazil|defined by=Canada|defined by=Colombia|defined by=Czech Republic|defined by=Finland|defined by=France|defined by=Germany|defined by=India|defined by=Japan|defined by=Kingdom of Saudi Arabia|defined by=Netherlands|defined by=Norway|defined by=Philippines|defined by=Republic of Trinidad & Tobago|defined by=Singapore|defined by=Switzerland|defined by=Turkey|defined by=United Kingdom|defined by=United States|defined by=Uruguay|defined by=ISO|defined by=NIST|defined by=IETF}} | + | {{#set:defined by=EU|defined by=ENISA|defined by=NATO|defined by=ITU-T|defined by=EU project|defined by=Albania|defined by=Argentina|defined by=Brazil|defined by=Canada|defined by=Colombia|defined by=Czech Republic|defined by=Finland|defined by=France|defined by=Germany|defined by=India|defined by=Japan|defined by=Kingdom of Saudi Arabia|defined by=Netherlands|defined by=Norway|defined by=Philippines|defined by=Republic of Trinidad & Tobago|defined by=Singapore|defined by=Switzerland|defined by=Turkey|defined by=United Kingdom|defined by=United States|defined by=Uruguay|defined by=ISO|defined by=NIST|defined by=IETF}} |
Revision as of 01:01, 2 December 2016
The definitions of "Threat" and "Hazard" are very similar, so maybe the terms do not need to be distinguished. A CI-specific usage example for the above terms can be found on the "Hazard" entry.
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 Other International Definitions
- 1.3 National Definitions
- 1.3.1 Albania
- 1.3.2 Argentina
- 1.3.3 Brazil
- 1.3.4 Canada
- 1.3.5 Colombia
- 1.3.6 Czech Republic
- 1.3.7 Finland
- 1.3.8 France
- 1.3.9 Germany
- 1.3.10 India
- 1.3.11 Japan
- 1.3.12 Kingdom of Saudi Arabia
- 1.3.13 Netherlands
- 1.3.14 Norway
- 1.3.15 Philippines
- 1.3.16 Republic of Trinidad & Tobago
- 1.3.17 Singapore
- 1.3.18 Switzerland
- 1.3.19 Turkey
- 1.3.20 United Kingdom (UK)
- 1.3.21 United States
- 1.3.22 Uruguay
- 1.4 Other Definitions
- 1.5 Standard Definitions
- 2 See also
- 3 Notes
Definitions
European Definitions
The European Commission's CBRN Glossary[2] defines threat as
ENISA
Other International Definitions
ITU-T
NATO CEP / EAPC
An all hazards approach to threat includes accidents, natural hazards as well as deliberate attacks.
EU Project VITA
The semantics of that definition in the context of CI is that a threat to a CI may give rise to serious consequences to critical societal functions, including the supply chain, health, safety, security, economic or social well-being of people.
National Definitions
Albania
Argentina
Amenaza: Una causa potencial de un incidente no deseado, el cual puede ocasionar daños a un sistema u organización.[10]
Brazil
Threat is the cause potential of an undesired incident which may result in harm to a system or organisation.
Canada
Présence d’un danger et d’une voie d’exposition. [12] [13]
Threats may be natural or human-induced, either accidental or intentional.
Colombia
Amenaza informática: La aparición de una situación potencial o actual donde un agente tiene la capacidad de generar una agresión cibernética contra la población, el territorio y la organización política del Estado (Ministerio de Defensa de Colombia)
Czech Republic
Potential cause of an unwanted incident which may result in damage to a system or organization. [16]
Finland
Threat is possibly realising adverse event or development. -unofficial translation- [17]
<be/>
France
A non-official translation is the following:
Germany
Der Schaden bezieht sich dabei auf einen konkreten Wert wie Vermögen, Wissen, Gegenstände oder Gesundheit. Übertragen in die Welt der Informationstechnik ist eine Bedrohung ein Umstand oder Ereignis, der oder das die Verfügbarkeit, Integrität oder Vertraulichkeit von Informationen beeinträchtigen kann, wodurch dem Besitzer bzw. Benutzer der Informationen ein Schaden entstehen kann. Beispiele für Bedrohungen sind höhere Gewalt, menschliche Fehlhandlungen, technisches Versagen oder vorsätzliche Handlungen. Trifft eine Bedrohung auf eine Schwachstelle (insbesondere technische oder organisatorische Mängel), so entsteht eine Gefährdung.
India
Japan
(Cyber) Threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. [21]
Kingdom of Saudi Arabia
Netherlands
Een gebeurtenis of een proces die in potentie tot een incident kan leiden. [23]
Het hogere doel (intentie) kan zijn het verstevigen van de concurrentiepositie; politiek/landelijk gewin, maatschappelijke ontwrichting of levensbedreiging. [24]
Norway
Threat: an entity that constitutes a real or potential threat to an identifiable goal or in a limited and identifiable context. [26]
Philippines
Republic of Trinidad & Tobago
Singapore
Switzerland
Die Gefährdung entspricht daher einem potentiellen Ereignis oder einer potentiellen Entwicklung mit möglichen Auswirkungen für ein Schutzgut.
Turkey
United Kingdom (UK)
United States
DHS
NIST
These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives.
Uruguay
Other Definitions
Ontario (Canada)
Menace: personne, chose ou événement considéré comme une cause probable de préjudice ou de dommage. [37]
Standard Definitions
IETF
ISO/PAS 22399:2007
ISO/IEC 27000:2014
ISO 22300:2012(en)
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ 2.0 2.1 European Commission's CBRN Glossary, 2012
- ↑ ENISA Risk Glossary
- ↑ ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X-800.
- ↑ Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
- ↑ Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ EU VITA deliverable.
- ↑ Dokumenti i Politikave për Sigurinë Kibernetike 2015 - 2017
- ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- ↑ GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
- ↑ An Emergency Management Framework for Canada (Second Edition)
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Lineamientos de política para ciberseguridad y ciberdefensa (2011)
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Cyber Security Explanatory Glossary (2013)
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- ↑ Glossar und Begriffsdefinitionen BSI
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ RFC2828 (Japanese translation)
- ↑ Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
- ↑ Zakboekje Preventie Cybercrime (2008
- ↑ NCSC, Cyber Security Beeld Nederland 5 (2015)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ Cyber Security Strategy for Norway (2012)
- ↑ Philippine National Cyber Security Plan 2005
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ Singapore Standard SS 540: 2008 on Business Continuity
- ↑ Leitfaden Schutz kritischer Infrastrukturen 2015
- ↑ 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (National Cyber Security Strategy 2016-2019, Sept. 2016)
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- ↑ Glossary CERTuy
- ↑ 37.0 37.1 Province of Ontario’s Emergency Management Glossary of Terms
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management.
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO 22300:2012(en) Societal security — Terminology