Difference between revisions of "Vulnerability"
(→Netherlands) |
Line 40: | Line 40: | ||
==== [[Canada]] ==== | ==== [[Canada]] ==== | ||
− | {{definition| Vulnerability is the conditions determined by physical, social, economic and environmental factors or processes, which increase the susceptibility of a community to the impact of hazards.<br /><br />Condition ou ensemble de conditions résultant de facteurs ou de processus physiques, sociaux, économiques et environnementaux qui prédispose une collectivité à subir les effets néfastes des aléas. <ref> [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition) </ref> <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} | + | {{definition| Vulnerability is the conditions determined by physical, social, economic and environmental factors or processes, which increase the susceptibility of a community to the impact of hazards.<br /><br />Condition ou ensemble de conditions résultant de facteurs ou de processus physiques, sociaux, économiques et environnementaux qui prédispose une collectivité à subir les effets néfastes des aléas. <ref>[http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)]</ref> <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} |
It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.<br /> | It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.<br /> | ||
==== [[Czech Republic]] ==== | ==== [[Czech Republic]] ==== | ||
− | {{definition|Zranitelnost: Slabé místo aktiva nebo řízení, které může být využito hrozbou. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/>Vulnerability is a weak spot of an [[asset]] or control which can be made use of by a [[threat]]. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} | + | {{definition|Zranitelnost: Slabé místo aktiva nebo řízení, které může být využito hrozbou. <ref>[http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Vulnerability is a weak spot of an [[asset]] or control which can be made use of by a [[threat]]. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} |
<br /> | <br /> | ||
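Review bot: in the Canada definition, the second reference title is unchanged on both sides and still reads "Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)", with "Emergency Management" repeated and "urgencies" where the French word is "urgences". This revision already repairs the bracket and spacing of the first ref on the same line, so the title should be corrected in the same pass. Both Canadian links and both govcert.cz links are plain http; if the hosts serve https, switch them here as well.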
Line 53: | Line 53: | ||
====[[India]]==== | ====[[India]]==== | ||
{{definition|A vulnerability is a weakness that could be exploited to cause [[damage]] to the system or the [[Asset|assets]] it contains. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> | {{definition|A vulnerability is a weakness that could be exploited to cause [[damage]] to the system or the [[Asset|assets]] it contains. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> | ||
+ | |||
==== [[Japan]] ==== | ==== [[Japan]] ==== | ||
− | {{definition|脆弱性: システムのセキュリティポリシーを侵害するように攻略される可能性がある、システムの設計/実装/運用管理における欠陥もしくは弱点. <br/><br/>(Cyber) Vulnerability is a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. <ref>http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation) </ref>}}<br/> | + | {{definition|脆弱性: システムのセキュリティポリシーを侵害するように攻略される可能性がある、システムの設計/実装/運用管理における欠陥もしくは弱点. <br/><br/>(Cyber) Vulnerability is a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. <ref>[http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation)] </ref>}}<br/> |
====[[Kingdom of Saudi Arabia]]==== | ====[[Kingdom of Saudi Arabia]]==== |
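Review bot: in the Japan reference, the newly bracketed link is labelled "RFC2828 (Japanese translation)" but its target file name is RFC2828EN.html. Confirm that the URL serves the Japanese text the 脆弱性 definition is quoted from, or adjust the label to match. The space before the closing ref tag is also left in place in the Japan and India refs, while the Canada and Czech refs in the previous hunk had their stray space after the opening ref tag removed. The heading spacing differs within this hunk as well ("====[[India]]====" against "==== [[Japan]] ===="); pick one form.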
Revision as of 14:36, 28 September 2016
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 Other International Definitions
- 1.3 National Definitions
- 1.3.1 Australia
- 1.3.2 Brazil
- 1.3.3 Cameroon (Cameroun)
- 1.3.4 Canada
- 1.3.5 Czech Republic
- 1.3.6 France
- 1.3.7 India
- 1.3.8 Japan
- 1.3.9 Kingdom of Saudi Arabia
- 1.3.10 Luxembourg
- 1.3.11 Netherlands
- 1.3.12 Nigeria
- 1.3.13 Norway
- 1.3.14 Republic of Trinidad & Tobago
- 1.3.15 Switzerland
- 1.3.16 United Kingdom
- 1.3.17 United States
- 1.4 Other Definitions
- 1.5 Standard Definition
- 2 See also
- 3 Notes
Definitions
European Definitions
COM(2006)787
ENISA
Other International Definitions
CARICOM
ITU-T
NATO CEP / EAPC
UNISDR
There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management.
Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element of interest (community, system or asset) which is independent of its exposure. However, in common use the word is often used more broadly to include the element’s exposure.
National Definitions
Australia
Brazil
Vulnerability is the intrinsic property of something resulting in susceptibility to a source of risk that can lead to an event with a result.
Cameroon (Cameroun)
Canada
A condition or set of conditions resulting from physical, social, economic and environmental factors or processes that predisposes a community to suffer the adverse effects of hazards. [12] [13]
It is a measure of how well prepared and equipped a community is to minimize the impact of or cope with hazards.
Czech Republic
Vulnerability is a weak spot of an asset or control which can be made use of by a threat. [15]
France
Non-official translation: propensity of an environment, a good or a person to suffer from adverse consequences as a result of an event. It does not necessarily produce damage itself.
India
Japan
(Cyber) Vulnerability is a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. [18]
Kingdom of Saudi Arabia
Luxembourg
Netherlands
Nigeria
Norway
Vulnerability: (1) The challenges a system will have to face to function when subjected to an adverse event, and challenges related to resuming normal system operation after the event has occurred. (2) The vulnerability of a system is an expression of its weaknesses and flaws and special circumstances that would increase the likelihood that threats will materialise into a security incident. [25]
A system’s vulnerability is reduced by increasing the system’s robustness. Examples of special circumstances can include size, complexity, that many stakeholders are involved, geographical distribution, frequent changes, and exposed location.
Republic of Trinidad & Tobago
Switzerland
(CIIP/ICT-based definition)
United Kingdom
United States
DHS
NIST
The document provides several definitions.
DoD
1. The susceptibility of a nation or military force to any action by any means through which its war potential or combat effectiveness may be reduced or its will to fight diminished. (JP 3-01)
2. The characteristics of a system that cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (man-made) hostile environment. (JP 3-60)
3. In information operations, a weakness in information system security design, procedures, implementation, or internal controls that could be exploited to gain unauthorized access to information or an information system (source: JP 3-13). [31]
Other Definitions
Ontario (Canada)
Vulnerability: the susceptibility of a community, system or asset to suffer the harmful effects of a hazard. [32]
Standard Definition
IETF
ISO 22300:2012(en)
ISO/IEC 27000:2014
ISO/IEC 29147:2014
See also
Notes
1. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
2. ENISA Risk Glossary
3. Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
4. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X.800.
5. Sécurité dans les télécommunications et les technologies de l’information: Aperçu des problèmes et présentation des Recommandations UIT-T existantes sur la sécurité dans les télécommunications, ITU-T, Geneva (2012) - ITU-T X.800.
6. Seguridad de las telecomunicaciones y las tecnologías de la información: Exposición general de asuntos relacionados con la seguridad de las telecomunicaciones y la aplicación de las Recomendaciones vigentes del UIT-T, ITU-T, Geneva (2012) - ITU-T X.800.
7. NATO EAPC(SCEPC) lexicon 2003.
8. 2009 UNISDR Terminology on Disaster Risk Reduction
9. Australian Emergency Management Glossary, Emergency Management Australia (1998)
10. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ ABNT NBR ISO 31000:2009: Gestão de riscos - Princípios e diretrizes. Rio de Janeiro (2009)
11. LOI N°2010/012 DU 21 DECEMBRE 2010 RELATIVE A LA CYBERSECURITE ET LA CYBERCRIMINALITE AU CAMEROUN
12. An Emergency Management Framework for Canada (Second Edition)
13. Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
14. Výkladový slovník kybernetické bezpečnosti (2013)
15. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
16. INSTRUCTION GENERALE INTERMINISTERIELLE RELATIVE A LA SECURITE DES ACTIVITES D’IMPORTANCE VITALE N°6600/SGDSN/PSE/PSN du 7 janvier 2014, PREMIER MINISTRE, SECRETARIAT GENERAL DE LA DEFENSE ET DE LA SECURITE NATIONALE, Direction Protection et Sécurité de l’Etat N° NOR: PRMD1400503J
17. India's DGQA Cyber Security Policy (2015)
18. RFC2828 (Japanese translation)
19. Developing National Information Security Strategy for the Kingdom of Saudi Arabia NISS draft 7
20. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
21. [From French Glossary]
22. Cybersecuritybeeld Nederland 2016 NCSC, Cyber Security Beeld Nederland 5 (2015)
23. National Cyber Security Strategy Nigeria (2014)
24. Nasjonal strategi for informasjonssikkerhet (2012)
25. Cyber Security Strategy for Norway (2012)
26. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
27. Melani Glossary (n.d.)
28. Cabinet Office, Lexicon of UK Civil Protection Terminology, Version 2.1.1, February 2013
29. DHS Risk Lexicon 2010 Edition, September 2010
30. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
31. Joint Publication 1-02: Department of Defense Dictionary of Military and Associated Terms (2016)
32. Province of Ontario’s Emergency Management Glossary of Terms
33. IETF RFC449 Internet Security Glossary 2
34. ISO 22300:2012(en) Societal security — Terminology
35. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
36. ISO/IEC 29147:2014, Information technology -- Security techniques -- Vulnerability disclosure