Computer security Edit
|“||the disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.||”|
|“||the unauthorized disclosure, modification, substitution, or use of sensitive information or to invade system by getting around its security.||”|
Compromise is a
|“||[t]ype of incident where information is disclosed to unauthorized individuals or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.||”|
|“||[t]he known or suspected exposure of clandestine personnel, installations, or other assets or of classified information or material, to an unauthorized person.||”|
National security Edit
|“||[a]ny occurrence which results or can result in unauthorized persons gaining access to national security information.||”|
|“||[t]he disclosure or release of classified information to unauthorized person(s).||”|
Power grid Edit
|“||[t]he misuse or unauthorized modification of a Cyber Asset or supporting system.||”|
|“||[a] security violation that has resulted in confirmed or suspected exposure of classified/ sensitive information to an unauthorized person.||”|
Overview (Computer security) Edit
Out-of-date software, unsafe web browsing habits, or lack of appropriate anti-virus systems can all lead to the compromise of computer systems. Criminals and other adversaries often exploit weak identity solutions for individuals, websites, email, and the infrastructure that the Internet utilizes.
The collection of identity-related information across multiple service providers and user accounts, coupled with the sharing of personal information through the growth of social media, increases opportunities for data compromise. For example, personal data used to recover lost passwords (e.g., mother’s maiden name, the name of your first pet, etc.) is often publicly available.
In some cases, service providers have met consumer demand for online services, but they have provided inadequate identity assurances. Service providers have also deemed some highly desirable services that could provide further efficiencies and cost savings too risky to conduct online.
- ↑ Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, at 71.
- ↑ DM3595-001, at 5.
- ↑ Report on Cybersecurity Practices, at 3.
- ↑ CNSSI 4009.
- ↑ Department of Defense Dictionary of Military and Associated Terms, at 45.
- ↑ Tempest Glossary, at 2.
- ↑ Intelligence Community Standard 700-01, at 6.
- ↑ Security Guideline for the Electricity Sector: Identifying Critical Cyber Assets, at 3. (full-text).
- ↑ Department of the Interior, Departmental Manual, Part 441, Chapter 1, §1.6(I) (Jan. 8, 2010).