The IT Law Wiki

Threat

Definitions

Biometrics

A threat is

[a]n intentional or unintentional potential event that could compromise the security and integrity of the system.[1]

General

A threat is

[t]he capability of an adversary coupled with his/her intentions to undertake any actions detrimental to the success of program activities or operations.[2]
[a] natural or man-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.[3]
[a] potential cause of an unwanted incident, which may result in harm to a system or organization.[4]

Medical device

A threat is

any circumstance or event with the potential to adversely impact the essential clinical performance of the device, organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, or other organizations through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Threats exercise vulnerabilities, which may impact the essential clinical performance of the device.[5]

Security

A threat is

any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification of data, and/or denial of service.[6]
any circumstance or event with the potential to intentionally or unintentionally exploit one or more vulnerabilities in a system resulting in a loss of confidentiality, integrity, or availability.[7]
[a] potential cause of an incident, that may result in harm of systems and organization.[8]
a potential undesirable event, malicious or not, of (1) compromise (i.e., theft of valuable or sensitive information or services), (2) corruption of information or information services, or (3) denial of service by degradation/blocking of data, processing, or communications or an entity possessing the capability and intent to cause the above.[9]
[a]ny circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.[10]

Overview

Threats are implemented by threat agents.

Information systems

Information systems are subject to serious threats that can have adverse effects on organizational operations (including missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the government by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems.

Threats to information systems include environmental disruptions, human errors, and purposeful attacks. Attacks on information systems today are often well-organized, disciplined, aggressive, well-funded, and in a growing number of documented cases, extremely sophisticated. Successful attacks on public and private sector information systems can result in great harm to the national and economic security interests of a country.

Indeed, systems sometimes fail without any external provocation, as a result of design flaws, implementation bugs, misconfiguration, and system aging.

Additional threats arise in the system acquisition and code distribution processes. Serious security problems have also resulted from discarded or stolen systems. For large-scale systems consisting of many independent installations (such as the Domain Name System (DNS)), security updates must reach and be installed in all relevant components throughout the entire life cycle of the systems. This scope of updating has proven to be difficult to achieve.

References

  1. NSTC Subcommittee on Biometrics, Biometrics Glossary, at 27 (Sept. 14, 2006) (full-text).
  2. DOE Manual 470.4-7, at 60.
  3. DHS Risk Lexicon, at 36.
  4. ISO/IEC 27000:2014.
  5. Postmarket Management of Cybersecurity in Medical Devices: Draft Guidance for Industry and Food and Drug Administration Staff, at 9-10.
  6. National Cyber Incident Response Plan, at M-1.
  7. Federal Plan for Cyber Security and Information Assurance Research and Development, at 5.
  8. ISO/IEC 27005:2011.
  9. Report on the NS/EP Implications of Intrusion Detection Technology Research and Development, at 6 n.7.
  10. NIST Special Publication 800-82, at B-8.
