![]() | An Attack: | |Counter- | | A System Resource: | The term "threat" relates to some other basic security terms as shown in the following diagram: + - + + - + + -+ A set of properties of a specific external entity (which may be either an individual or class of entities) that, in union with a set of properties of a specific internal entity, implies a risk (according to a body of knowledge).g In threat analysis, a threat is defined as an ordered pair,, suggesting the nature of these occurrences but not the details (details are specific to events). ![]() An undesirable occurrence that might be anticipated but is not the result of a conscious act or decision. ![]() An assertion primarily concerning entities of the external environment (agents) we say that an agent (or class of agents) poses a threat to one or more assets we write: T(e i) where: e is an external entity i is an internal entity or an empty set. Examples are flooding, sabotage and fraud. Types of computer systems related adverse events (i. For example, the threat of fire exists at all facilities regardless of the amount of fire protection available. ![]() Threats exist because of the very existence of the system or activity and not because of any specific weakness. The presence of a threat does not mean that it will necessarily cause actual harm. Any circumstance or event with the potential to cause harm to the ADP system or activity in the form of destruction, disclosure, and modification of data, or denial of service. Any circumstance or event with the potential to cause harm to a system in the form of destruction, disclosure, modification or data, and/or denial of service. Categorize and classify threats as follows: Categories Classes Human Intentional Unintentional Environmental Natural Fabricated 2. National Information Assurance Training and Education Center gives a more articulated definition of threat: The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifest. The key consideration is that threats apply the force (water, wind, exploit code, etc.) against an asset that can cause a loss event to occur. A tornado is a threat, as is a flood, as is a hacker. The Open Group defines threat as: Anything that is capable of acting in a manner resulting in harm to an asset and/or organization for example, acts of God (weather, geological events,etc.) malicious actors errors failures.įactor analysis of information risk defines threat as: threats are anything (e.g., object, substance, human, etc.) that are capable of acting against an asset in a manner that can result in harm. National Information Assurance Glossary defines threat as:Īny circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.ĮNISA gives a similar definition: Any circumstance or event with the potential to adversely impact an asset through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability. This is differentiated from a threat actor who is an individual or group that can perform the threat action, such as exploiting a vulnerability to actualise a negative impact.Ī more comprehensive definition, tied to an Information assurance point of view, can be found in " Federal Information Processing Standards (FIPS) 200, Minimum Security Requirements for Federal Information and Information Systems" by NIST of United States of America Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event. hacking: an individual cracker or a criminal organization) or an " accidental" negative event (e.g. In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.Ī threat can be either a negative " intentional" event (i.e. Information on making articles more accessible can be found at WikiProject Accessibility. Relevant discussion may be found on the talk page. This article's accessibility is in question. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |