Difference between revisions of "Vulnerability"
(→Norway) |
|||
Line 49: | Line 49: | ||
==== United States ==== | ==== United States ==== | ||
=====DHS===== | =====DHS===== | ||
− | {{definition|A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given [[hazard]] <ref> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref> | + | {{definition|A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given [[hazard]]. <ref> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}} |
=====NIST===== | =====NIST===== | ||
{{definition|A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a [[threat]] source. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} | {{definition|A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a [[threat]] source. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series]</ref>}} | ||
Line 62: | Line 62: | ||
===Standard Definition=== | ===Standard Definition=== | ||
==== ISO 22300:2012(en) ==== | ==== ISO 22300:2012(en) ==== | ||
− | {{definition|Intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence .<ref>ISO 22300:2012(en) Societal security — Terminology</ref>}} | + | {{definition|Intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence. <ref>ISO 22300:2012(en) Societal security — Terminology</ref>}} |
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
− | {{definition|Weakness of an [[asset]] or [[control]] that can be exploited by one or more [[threat|threats]] <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> | + | {{definition|Weakness of an [[asset]] or [[control]] that can be exploited by one or more [[threat|threats]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>}} |
==See also== | ==See also== | ||
Line 82: | Line 82: | ||
[[Category:Risk]] | [[Category:Risk]] | ||
+ | [[Category:Infrastructure]][[Category:Policy]] | ||
+ | {{#set:defined by=EU|defined by=NATO|defined by=UNISDR|defined by=Australia|defined by=Canada|defined by=Czech Republic|defined by=France|defined by=Kingdom of Saudi Arabia|defined by=Norway|defined by=Republic of Trinidad & Tobago|defined by=United States|defined by=NIST|defined by=Ontario}} |
Revision as of 01:14, 13 June 2015
Contents
Definitions
European Definitions
Other International Definitions
NATO CEP / EAPC
UNISDR
There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management.
Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element of interest (community, system or asset) which is independent of its exposure. However, in common use the word is often used more broadly to include the element’s exposure.
National Definitions
Australia
Canada
Condition ou ensemble de conditions résultant de facteurs ou de processus physiques, sociaux, économiques et environnementaux qui prédispose une collectivité à subir les effets néfastes des aléas. [5] [6]
It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.
Czech Republic
Slabé místo aktiva nebo řízení, které může být využito hrozbou.
France
Non-official translation: propensity of an environment, a good or a person to suffer from adverse consequences as a result of an event. It does not necessarily produce damage itself.
Kingdom of Saudi Arabia
Norway
Examples of special circumstances may be size, complexity, that many actors are involved, geographical spread, frequent changes and deferred location.
Republic of Trinidad & Tobago
United States
DHS
NIST
The document provides several definitions.
Other Definitions
Ontario (Canada)
Standard Definition
ISO 22300:2012(en)
ISO/IEC 27000:2014
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ 4.0 4.1 Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
- ↑ Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ Nasjonal strategi for informasjonssikkerhet (2012)
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
- ↑ 15.0 15.1 Province of Ontario’s Emergency Management Glossary of Terms
- ↑ ISO 22300:2012(en) Societal security — Terminology
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary