Vulnerability

From CIPedia
Revision as of 18:16, 17 September 2014 by Eluiijf (talk | contribs) (NATO CEP / EAPC)
Jump to navigation Jump to search

Definitions

European Definitions

A characteristic of an element of the CI’s design, implementation, or operation that renders it susceptible to disruption or destruction by a threat and includes dependencies on other types of infrastructure. [1]


Other International Definitions

NATO CEP / EAPC

A characteristic of an element of the critical infrastructure’s design, implementation, or operation that renders it susceptible to destruction or incapacitation by a threat. [2]

UNISDR

The characteristics and circumstances of a community, system or asset that make it susceptible to the damaging effects of a hazard [3].

There are many aspects of vulnerability, arising from various physical, social, economic, and environmental factors. Examples may include poor design and construction of buildings, inadequate protection of assets, lack of public information and awareness, limited official recognition of risks and preparedness measures, and disregard for wise environmental management.

Vulnerability varies significantly within a community and over time. This definition identifies vulnerability as a characteristic of the element of interest (community, system or asset) which is independent of its exposure. However, in common use the word is often used more broadly to include the element’s exposure.

National Definitions

US Definition

A physical feature or operational attribute that renders an entity open to exploitation or susceptible to a given hazard [4].


Standard Definition

ISO/IEC 27000:2014

Weakness of an asset or control that can be exploited by one or more threats [5].


See also

Notes

  1. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
  2. NATO EAPC(SCEPC) lexicon 2003.
  3. 2009 UNISDR Terminology on Disaster Risk Reduction
  4. DHS Risk Lexicon 2010 Edition, September 2010
  5. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Vulnerability&oldid=1519"