An indication, circumstance, or event with the potential to cause the loss of or damage to an asset. Threat can also be defined as the capability and intent of an adversary to undertake actions that would be detrimental to critical assets.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards
A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
Extended Definition: Includes an individual or group of individuals, entity (such as an organization or a nation), action, or occurrence.
Adapted from: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4.
Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
A security vulnerability/risk resulting from an informed intent (such as terrorism) to inflict harm or loss.
Threats are controlled through protective countermeasures (barriers) to minimise vulnerability and risk exposure.
Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global Standards
Potential cause of an unwanted incident, which may result in harm to a system or organization.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards
Threat is defined as any indication, circumstance, or event with the potential to cause loss of, or damage to, an asset. It can also be defined as the intention and capability of a threat to undertake actions that would be detrimental to valued assets. Sources of threats may be categorized as: criminals (e.g. white collar, cyber, organized, opportunists); activists (pressure groups, single-issue zealots); terrorists (international or domestic); disgruntled personnel.
Any indication, circumstance, or event with the potential to cause the loss of or damage to an asset. Threat can also be defined as the capability and intent of a threat to undertake actions that would be detrimental to critical assets. Threat encompasses any individual, group, organization, or government that conducts activities or has the intention and capability to conduct activities detrimental to critical assets. A threat could include intelligence services of host nations, or third-party nations, political and terrorist groups, criminals, rogue employees, cyber criminals, and private interests.
Potential cause of an unwanted incident, which may result in harm to a system, individual or organization.
NOTE Adapted from ISO/IEC 27000:2009.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards
Natural or man-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment, and/or property.
Sample Usage: Analysts suggested that the greatest threat to the building was from specific terrorist attacks.
Annotation: Threat as defined refers to an individual, entity, action, or occurrence; however, for the purpose of calculating risk, the threat of an intentional hazard is generally estimated as the likelihood of an attack (that accounts for both the intent and capability of the adversary) being attempted by an adversary; for other hazards, threat is generally estimated as the likelihood that a hazard will manifest.
THREAT SHIFTING *:
Definition: response of adversaries to perceived countermeasures or obstructions, in which the adversaries change some characteristic of their intent to do harm in order to avoid or overcome the countermeasure or obstacle
Sample Usage: Installing barriers around only one of several neighboring government buildings may result in threat shifting, where the adversaries will target one of the remaining unprotected buildings.
- Threat shifting can occur in one or more of several domains: the time domain (e.g., a delay in attack or illegal entry to conduct additional surveillance, etc.), the target domain (selecting a different, less-protected target), the resource domain (adding resources to the attack in order to reduce uncertainty or overcome countermeasures), or the planning/attack method domain (changing the weapon or path, for example, of the intended attack or illegal entry).
- Threat shifting is commonly cited as a reason for countermeasure failure or ineffectiveness – particularly in the case of target shifting. For example, when police occupy one street corner, the drug dealers simply go a few blocks away. This assumes that threat-shifting is frictionless for the adversary, which frequently is the case.
- However, threat shifting is not always frictionless for the adversary – and therefore can be of some value to the defenders. The adversaries may delay their attack, consume additional resources, undertake complexity, expose themselves to additional counter-surveillance and counter-terrorism scrutiny, and/or shift to a less consequential target.
- Threat shifting can, in some cases, increase risk by steering an adversary to an attack that is more likely to succeed or of greater consequence.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory Guidance
The intention and capability of an adversary to undertake actions that will be detrimental to people, the environment, assets, and economic stability.
Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009, Regional Standards
Potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard