Definition(s)


Attack

Assault on a system that derives from an intelligent threat — i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system [11].

  • NOTE: There are different commonly recognized classes of attack:
    • An “active attack” attempts to alter system resources or affect their operation. A “passive attack” attempts to learn or make use of information from the system but does not affect system resources.
    • An “inside attack” is an attack initiated by an entity inside the security perimeter (an “insider”) – i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization. An “outside attack” is initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (including an insider attacking from outside the security perimeter). Potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard

Attack

Attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Attack

Attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

[ISO/IEC 27000:2009].

Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Attack

An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.

Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.

From: NCSD Glossary. NTSSI 4009 (2000), CNSSI 4009

Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
