Security Incident

Definition(s)


Security Incident

A security event which may compromise an asset and require action. Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards

Security Incident

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Security Incident

A security-related occurrence, threat, or action that has led to or could potentially lead to adversely affecting people, the environment, assets, and economic stability.

Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional Standards  

Security Incident

Adverse event in a system or network or the threat of the occurrence of such an event [10].
  • NOTE: The term “near miss” is sometimes used to describe an event that could have been an incident under slightly different circumstances.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Interest

Definition(s)


Security Interest

“Security interest” means any charge on or right in relation to an interest or a share in an interest that secures
  (a) the payment of an indebtedness arising from an existing or future loan or advance of money,
  (b) a bond, debenture or other security of a corporation, or
  (c) the performance of the obligations of a guarantor under a guarantee given in respect of all or any part of an indebtedness referred to in paragraph (a) or all or any part of a bond, debenture or other security of a corporation,
and includes a security given under section 426 of the Bank Act, but does not include an operator’s lien; sûreté.
Source: Canada-Nova Scotia Offshore Petroleum Resources Accord Implementation Act, S.C. 1988, c. 28, Canada, current to May 26, 2013. Legislation
Source: Canada Petroleum Resources Act, R.S.C. 1985, c. 36 (2nd Supp.), current to April 29, 2013. Legislation
Security Intrusion

Definition(s)


Security Intrusion

Security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Layers of Protection

Definition(s)


Security Layers of Protection

Also known as concentric "rings of protection," a concept of providing multiple independent and overlapping layers of protection in depth. For security purposes, this may include various layers of protection such as countersurveillance, counterintelligence, physical security, and cyber security. A second consideration is the balance of the security measures such that equivalent risk exists regardless of the threat's pathway or method.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards
Security Level

Definition(s)


Security Level

Level corresponding to the required effectiveness of countermeasures and inherent security properties of devices and systems for a zone or conduit based on assessment of risk for the zone or conduit [13]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Management Program

Definition(s)


Security Management Program

An ongoing process to ensure security threats and associated risks are identified and managed with appropriate mitigation and response procedures to prevent and minimize the impact of security incidents adversely affecting people, the environment, assets, and economic stability.

Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional Standards
Security Notice

Definition(s)


Security Notice

“Security notice” means a notice of a security interest. Source: Canada-Nova Scotia Offshore Petroleum Resources Accord Implementation Act, S.C. 1988, c. 28, Canada, current to May 26, 2013. Legislation
Source: Canada Petroleum Resources Act, R.S.C. 1985, c. 36 (2nd Supp.), current to April 29, 2013. Legislation
Security Objective

Definition(s)


Security Objective

Aspect of security which to achieve is the purpose and objective of using certain mitigation measures, such as confidentiality, integrity, availability, user authenticity, access authorization, accountability.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security of Supply

Definition(s)


Security of Supply

“Security of supply”, in respect of any period, means the anticipation of self-sufficiency during each of the five calendar years in that period, taking into account the aggregate during each such year of anticipated additions to producing capacity and anticipated adjustments to refining capacity; sécurité des approvisionnements. Source: Canada-Nova Scotia Offshore Petroleum Resources Accord Implementation Act, S.C. 1988, c. 28, Canada, current to May 26, 2013. Legislation
Security Partner

Definition(s)


Security Partner

Parties who, through formal or informal agreements, establish relationships with each other, governments, regulators, enforcement, and public safety agencies and participate in security risk assessments and risk mitigation strategies, including the sharing of information and the securing of petroleum and natural gas industry systems against acts of vandalism, terrorism, or other security threats.

Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional Standards
Security Performance

Definition(s)


Security Performance

Program’s compliance, completeness of measures to provide specific threat protection, post-compromise analysis, review of changing business requirements, new threat and vulnerability information, and periodic audit of control systems to ensure security measures remain effective and appropriate.
  • NOTE: Tests, audits, tools, measures, or other methods are required to evaluate security practice performance.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Perimeter

Definition(s)


Security Perimeter

Boundary (logical or physical) of the domain in which a security policy or security architecture applies, i.e., the boundary of the space in which security services protect system resources [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Plan

Definition(s)


Security Plan

A document that describes an owner's/operator's plan to address security issues and related events, including security assessment and mitigation options. This includes security alert levels and response measures to security threats.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards
Security Policy

Definition(s)


Security Policy

A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets. Extended Definition: A rule or set of rules applied to an information system to provide security services. Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Security Policy

Set of rules that specify or regulate how a system or organization provides security services to protect its assets [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Procedures

Definition(s)


Security Procedures

Definitions of exactly how practices are implemented and executed.
  • NOTE: Security procedures are implemented through personnel training and actions using currently available and installed technology.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Program

Definition(s)


Security Program

A combination of all aspects of managing security, ranging from the definition and communication of policies through implementation of best industry practices and ongoing operation and auditing.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Program Management

Definition(s)


Security Program Management

In the NICE Workforce Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer). From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Security Risk

Definition(s)


Security Risk

The likelihood of a threat successfully exploiting vulnerability and the resulting degree of damage or impact.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards
Security Risk Assessment

Definition(s)


Security Risk Assessment (SRA)

An assessment for the purposes of determining security risk.

Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards

Security Risk Assessment

A SRA is a risk assessment for the purposes of determining security risk.

Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards
Security Services

Definition(s)


Security Services

Mechanisms used to provide confidentiality, data integrity, authentication, or non-repudiation of information [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Stakeholder

Definition(s)


Security Stakeholder

Parties who have a direct or indirect vested interest in petroleum and natural gas industry systems infrastructure security.
  • Note: Examples include operators, governments, regulators, advocates, landowners, third parties, and members of the general public.
Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional Standards
Security Sweep

Definition(s)


Security Sweep

A walk-through to visually inspect the facility to identify unattended packages, briefcases, luggage, unauthorized persons, or other security breaches and determine that all restricted areas are secure.

Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards
Security System

Definition(s)


Security System

A device or multiple devices designed, installed and operated to monitor, detect, observe, or communicate about activity that may pose a security threat.

Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards
Security Violation

Definition(s)


Security Violation

Act or event that disobeys or otherwise breaches security policy through an intrusion or the actions of a well-meaning insider.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Vulnerability Assessment (SVA)

Definition(s)


Security Vulnerability Assessment (SVA)

A secondary evaluation that examines a facility’s characteristics and operations to identify potential threats or vulnerabilities and existing and prospective security measures and procedures designed to protect a facility. Source: API RP 70, Security for Offshore Oil and Natural Gas Operations, Downstream Segment, First Edition, March 2003. Global Standards
Source: API RP 70I, Security for Worldwide Offshore Oil and Natural Gas Operations, Upstream Segment, First Edition, May 2004. Global Standards
Security Zone

Definition(s)


Security Zone

Grouping of logical or physical assets that share common security requirements.
  • NOTE: All unqualified uses of the word “zone” in this standard should be assumed to refer to a security zone.
  • NOTE: A zone has a clear border with other zones. The security policy of a zone is typically enforced by a combination of mechanisms both at the zone edge and within the zone. Zones can be hierarchical in the sense that they can be comprised of a collection of subzones.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Sediment and Water (S&W)

Definition(s)


Sediment and Water (S&W)

Dissolved impurities such as salt, water, asphalt and other substances in crude oil, which come out of suspension and sink to the bottom of a container as the oil cools and settles. Source: IADC UBO / MPD Glossary, December 2011. Global Standards
Sediment Oil

Definition(s)


Sediment Oil

“Sediment oil” means tank bottoms and other accumulations of liquid hydrocarbons on an oil and gas lease, which hydrocarbons are not merchantable through normal channels. Source: Oil and Gas, New Mexico Administrative Code Title 19, Chapter 15, January 2013. Regulations  
Sedimentation

Definition(s)


Sedimentation

Separation and settling of solids in a cement slurry. Source: API RP 10B-2, Recommended Practice for Testing Well Cements, First Edition, July 2005 (Reaffirmed: July 2010). Global Standards
Sediments

Definition(s)


Sediments

Sediment is insoluble particles in the foam concentrate. Source: IMO MSC.1/Circ.1312, Revised Guidelines for the performance and testing criteria, and surveys of foam concentrates for fixed fire-extinguishing systems, 10 June 2009, International Maritime Organization. Regulatory Guidance  

Sediments

“Sediments” means matter settled out of Ballast Water within a ship. Source: International Convention for the Control and Management of Ships’ Ballast Water and Sediments, 2004. Legislation