The IT Law Wiki
Register
Advertisement

Definitions[]

Biometrics[]

A threat is

[a]n intentional or unintentional potential event that could compromise the security and integrity of the system.[1]

General[]

A threat is

[t]he capability of an adversary coupled with his/her intentions to undertake any actions detrimental to the success of program activities or operations.[2]
[a] natural or man-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.[3]
[a] potential cause of an unwanted incident, which may result in harm to a system or organization.[4]

Medical device[]

A threat is

any circumstance or event with the potential to adversely impact the essential clinical performance of the device, organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, or other organizations through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Threats exercise vulnerabilities, which may impact the essential clinical performance of the device.[5]

Security[]

A threat is

any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service.[6]
any circumstance or event with the potential to intentionally or unintentionally exploit one or more vulnerabilities in a system resulting in a loss of confidentiality, integrity, or availability.[7]
[a] potential cause of an incident, that may result in harm of systems and organization.[8]
a potential undesirable event, malicious or not, of (1) compromise (i.e., theft of valuable or sensitive information or services), (2) corruption of information or information services, or (3) denial of service by degradation/blocking of data, processing, or communications or an entity possessing the capability and intent to cause the above.[9]
[a]ny circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.[10]
[a]ny circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through a system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.[11]

Overview[]

Threats are implemented by threat agents.

Snapshot 2009-11-07 20-17-23

Information systems[]

Information systems are subject to serious threats that can have adverse effects on organizational operations (including missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the government by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems.

Threats to information systems include environmental disruptions, human errors, and purposeful attacks. Attacks on information systems today are often well-organized, disciplined, aggressive, well-funded, and in a growing number of documented cases, extremely sophisticated. Successful attacks on public and private sector information systems can result in great harm to the national and economic security interests of a country.

Indeed, systems sometimes fail without any external provocation, as a result of design flaws, implementation bugs, misconfiguration, and system aging.

Additional threats arise in the system acquisition and code distribution processes. Serious security problems have also resulted from discarded or stolen systems. For large-scale systems consisting of many independent installations (such as the Domain Name System (DNS)), security updates must reach and be installed in all relevant components throughout the entire life cycle of the systems. This scope of updating has proven to be difficult to achieve.

IWThreat

References[]

See also[]

Advertisement