Difference between revisions of "Vulnerability"
(→Czech Republic) |
(→Definitions) |
Line 10: | Line 10: | ||
==== UNISDR ==== | ==== UNISDR ==== | ||
− | {{definition|The characteristics and circumstances of a community, [[system]] or [[asset]] that make it susceptible to the damaging effects of a [[hazard]] <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref> | + | {{definition|The characteristics and circumstances of a community, [[system]] or [[asset]] that make it susceptible to the damaging effects of a [[hazard]]. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref> }} |
<big>There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management. | <big>There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management. | ||
Line 28: | Line 28: | ||
==== Czech Republic ==== | ==== Czech Republic ==== | ||
− | {{definition|Vulnerability is a weak spot of an [[asset]] or control which can be made use of by a [[threat]].<ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} | + | {{definition|Vulnerability is a weak spot of an [[asset]] or control which can be made use of by a [[threat]]. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} |
Slabé místo aktiva nebo řízení, které může být využito hrozbou.<br /> | Slabé místo aktiva nebo řízení, které může být využito hrozbou.<br /> | ||
==== France ==== | ==== France ==== | ||
− | {{Definition|(in French) Vulnérabilité: propension d’un milieu, d’un bien ou d’une personne à subir des conséquences dommageables à la suite d’un événement. Elle ne produit pas nécessairement de dommage par elle-même <ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref> | + | {{Definition|(in French) Vulnérabilité: propension d’un milieu, d’un bien ou d’une personne à subir des conséquences dommageables à la suite d’un événement. Elle ne produit pas nécessairement de dommage par elle-même. <ref>[http://circulaire.legifrance.gouv.fr/pdf/2014/01/cir_37828.pdf INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J] </ref>}} |
<big>Non-official translation: propensity of an environment, a good or a person to suffer from adverse [[consequence|consequences]] as a result of an [[event]]. It does not necessarily produce [[damage]] itself.</big> | <big>Non-official translation: propensity of an environment, a good or a person to suffer from adverse [[consequence|consequences]] as a result of an [[event]]. It does not necessarily produce [[damage]] itself.</big> | ||
<br /> | <br /> | ||
====Kingdom of Saudi Arabia==== | ====Kingdom of Saudi Arabia==== | ||
− | {{definition|A vulnerabiliuty is a defect or weakness in system security procedure, design, implementation, or internal control that an attacker can exploit.<ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}} | + | {{definition|A vulnerabiliuty is a defect or weakness in system security procedure, design, implementation, or internal control that an attacker can exploit. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}}<br /> |
− | <br /> | + | {{definition|Vulnerability is the susceptibility of individuals or a community, services or infrastructure to [[damage]] or [[harm]] arising from an [[emergency]] or other [[incident]]. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /> |
+ | |||
==== Norway ==== | ==== Norway ==== | ||
− | {{definition|The vulnerability of a system is an expression of the weaknesses and deficiencies in the system and special circumstances increases the likelihood that [[threat]]s will materialize in a security [[Incident|incident]] (Sårbarheten til et system er et uttrykk for de svakheter og mangler som finnes i systemet og spesielle omstendigheter som øker sannsynligheten for at trusler vil materialisere seg i en sikkerhetshendelse).<ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/Norway_Cyber_Security_StrategyNO.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref>}} | + | {{definition|The vulnerability of a system is an expression of the weaknesses and deficiencies in the system and special circumstances increases the likelihood that [[threat]]s will materialize in a security [[Incident|incident]] (Sårbarheten til et system er et uttrykk for de svakheter og mangler som finnes i systemet og spesielle omstendigheter som øker sannsynligheten for at trusler vil materialisere seg i en sikkerhetshendelse). <ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/Norway_Cyber_Security_StrategyNO.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref>}} |
Examples of special circumstances may be size, complexity, that many actors are involved, geographical spread, frequent changes and deferred location. | Examples of special circumstances may be size, complexity, that many actors are involved, geographical spread, frequent changes and deferred location. | ||
<br /> | <br /> | ||
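Review bot: The definition added directly below the Kingdom of Saudi Arabia entry cites the Cabinet Office "Glossary - Revision to Emergency Preparedness" on gov.uk but has no heading of its own, so it renders as a second Saudi Arabia definition. Give it its own ==== heading in the style of the neighbouring country sections (presumably United Kingdom). In the same hunk the Saudi Arabia definition still reads "vulnerabiliuty" after the edit, and the Norway text still has "special circumstances increases"; both can be corrected while these lines are being touched.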
Line 48: | Line 49: | ||
{{definition|A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given [[hazard]] <ref> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>.}} | {{definition|A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given [[hazard]] <ref> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>.}} | ||
=====NIST===== | =====NIST===== | ||
− | {{definition|A vulnerability is a weakness in an information system, system security procedures,internal controls, or implementation that could be exploited or triggered by a [[threat]] source.<ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} | + | {{definition|A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a [[threat]] source. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} |
The document provides several definitions.<br /> | The document provides several definitions.<br /> | ||
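Review bot: The DHS definition on the unchanged line above the NIST heading still ends with the full stop after the reference ("</ref>.}}"), while this revision places the full stop before <ref> in every definition it touches. Move it there as well so the footnote markers render consistently across the page.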
Revision as of 00:17, 25 May 2015
Definitions
European Definitions
Other International Definitions
NATO CEP / EAPC
UNISDR
There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management.
Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element of interest (community, system or asset) which is independent of its exposure. However, in common use the word is often used more broadly to include the element’s exposure.
National Definitions
Australia
Canada
It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.
Czech Republic
Czech original: "Slabé místo aktiva nebo řízení, které může být využito hrozbou." (A weak spot of an asset or control which can be made use of by a threat.)
France
Non-official translation: propensity of an environment, a good or a person to suffer from adverse consequences as a result of an event. It does not necessarily produce damage itself.
Kingdom of Saudi Arabia
Norway
Examples of special circumstances may be size, complexity, that many actors are involved, geographical spread, frequent changes and deferred location.
United States
DHS
NIST
The document provides several definitions.
Other Definitions
Ontario (Canada)
Standard Definition
ISO 22300:2012(en)
ISO/IEC 27000:2014
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ An Emergency Management Framework for Canada (Second Edition), http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- ↑ Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
- ↑ Province of Ontario’s Emergency Management Glossary of Terms
- ↑ Province of Ontario’s Emergency Management Glossary of Terms
- ↑ ISO 22300:2012(en) Societal security — Terminology
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary