Difference between revisions of "Vulnerability"

From CIPedia
{{definition|A vulnerability is a defect or weakness in system security procedure, design, implementation, or internal control that an attacker can exploit. <ref>[http://www.mcit.gov.sa/Ar/MediaCenter/PubReqDocuments/NISS_Draft_7_EN.pdf Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7]</ref>}}<br />
 
{{definition|Vulnerability is the susceptibility of individuals or a community, services or infrastructure to [[damage]] or [[harm]] arising from an [[emergency]] or other [[incident]]. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br />
 
==== Norway ====
 
{{definition|Vulnerability: (1) The challenges a system will have to face to function when subjected to an adverse [[event]], and challenges related to resuming normal system operation after the event has occurred. (2) The vulnerability of a system is an expression of its weaknesses and flaws and special circumstances that would increase the likelihood that [[threat|threats]] will materialise into a security incident. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/cyber_security_strategy_norway.pdf Cyber Security Strategy for Norway (2012)]</ref><br /><br />Sårbarhet: (1) Et uttrykk for de problemer et system vil få med å fungere når det utsettes for en uønsket hendelse, og de problemer systemet får med å gjenoppta sin virksomhet etter at hendelsen har inntruffet. (2) Sårbarheten til et system er et uttrykk for de svakheter og mangler som finnes i systemet og spesielle omstendigheter som øker sannsynligheten for at trusler vil materialisere seg i en sikkerhetshendelse. <ref>[https://www.regjeringen.no/globalassets/upload/fad/vedlegg/ikt-politikk/nasjonal_strategi_infosikkerhet.pdf Nasjonal strategi for informasjonssikkerhet (2012)]</ref>}}<br />A system’s vulnerability is reduced by increasing the system’s robustness. Examples of special circumstances can include size, complexity, that many stakeholders are involved, geographical distribution, frequent changes, and exposed location.
 

Revision as of 17:11, 15 June 2015

Definitions

European Definitions

A characteristic of an element of the CI’s design, implementation, or operation that renders it susceptible to disruption or destruction by a threat and includes dependencies on other types of infrastructure. [1]


Other International Definitions

ITU-T

Any weakness that could be exploited to violate a system or the information it contains. [2]


Vulnérabilité: Toute faiblesse qui pourrait être exploitée pour violer un système ou les informations qu'il contient. [3]


Vulnerabilidad: Cualquier debilidad que podría explotarse con el fin de violar un sistema o la información que contiene. [4]


NATO CEP / EAPC

A characteristic of an element of the critical infrastructure’s design, implementation, or operation that renders it susceptible to destruction or incapacitation by a threat. [5]


UNISDR

The characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard. [6]

There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management.

Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element of interest (community, system or asset) which is independent of its exposure. However, in common use the word is often used more broadly to include the element’s exposure.

National Definitions

Australia

Vulnerability is the degree of susceptibility and resilience of the community and environment to hazards. [7]


Vulnerability is the degree of loss to a given element at risk or set of such elements resulting from the occurrence of a phenomenon of a given magnitude and expressed on a scale of 0 (no damage) to 1 (total loss). [7]


Canada

Vulnerability is the conditions determined by physical, social, economic and environmental factors or processes, which increase the susceptibility of a community to the impact of hazards.

Condition ou ensemble de conditions résultant de facteurs ou de processus physiques, sociaux, économiques et environnementaux qui prédispose une collectivité à subir les effets néfastes des aléas. [8] [9]

It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.

Czech Republic

Vulnerability is a weak spot of an asset or control which can be made use of by a threat. [10]

Slabé místo aktiva nebo řízení, které může být využito hrozbou.

France

(in French) Vulnérabilité: propension d’un milieu, d’un bien ou d’une personne à subir des conséquences dommageables à la suite d’un événement. Elle ne produit pas nécessairement de dommage par elle-même. [11]

Non-official translation: propensity of an environment, a good or a person to suffer from adverse consequences as a result of an event. It does not necessarily produce damage itself.

Kingdom of Saudi Arabia

A vulnerability is a defect or weakness in system security procedure, design, implementation, or internal control that an attacker can exploit. [12]


Vulnerability is the susceptibility of individuals or a community, services or infrastructure to damage or harm arising from an emergency or other incident. [13]


Norway

Vulnerability: (1) The challenges a system will have to face to function when subjected to an adverse event, and challenges related to resuming normal system operation after the event has occurred. (2) The vulnerability of a system is an expression of its weaknesses and flaws and special circumstances that would increase the likelihood that threats will materialise into a security incident. [14]

Sårbarhet: (1) Et uttrykk for de problemer et system vil få med å fungere når det utsettes for en uønsket hendelse, og de problemer systemet får med å gjenoppta sin virksomhet etter at hendelsen har inntruffet. (2) Sårbarheten til et system er et uttrykk for de svakheter og mangler som finnes i systemet og spesielle omstendigheter som øker sannsynligheten for at trusler vil materialisere seg i en sikkerhetshendelse. [15]


A system’s vulnerability is reduced by increasing the system’s robustness. Examples of special circumstances include size, complexity, the involvement of many stakeholders, geographical distribution, frequent changes, and exposed location.


Republic of Trinidad & Tobago

The characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard. [16]


United States

DHS

A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given hazard. [17]


NIST

A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. [18]

The document provides several definitions.


Other Definitions

Ontario (Canada)

Vulnerability is the susceptibility of a community, system or asset to the damaging effects of a hazard. [19]


Vulnérabilité: susceptibilité d’une collectivité, d’un système ou d’un bien à subir les effets dommageables d’un danger. [19]


Standard Definition

ISO 22300:2012(en)

Intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence. [20]


ISO/IEC 27000:2014

Weakness of an asset or control that can be exploited by one or more threats. [21]

See also

Notes

  1. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
  2. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X.800.
  3. Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
  4. Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
  5. NATO EAPC(SCEPC) lexicon 2003.
  6. 2009 UNISDR Terminology on Disaster Risk Reduction
  7. Australian Emergency Management Glossary, Emergency Management Australia (1998)
  8. An Emergency Management Framework for Canada (Second Edition), http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx
  9. Vocabulaire de la gestion des urgences / Emergency Management Vocabulary 281 (2012)
  10. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  11. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
  12. Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
  13. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
  14. Cyber Security Strategy for Norway (2012)
  15. Nasjonal strategi for informasjonssikkerhet (2012)
  16. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
  17. DHS Risk Lexicon 2010 Edition, September 2010
  18. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
  19. Province of Ontario’s Emergency Management Glossary of Terms
  20. ISO 22300:2012(en) Societal security — Terminology
  21. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary