X.800
According to X.800, ‘A threat to a system security includes any of the
following: destruction of information and/or other resources; corruption
or modification of information; theft, removal or loss of information
and/or other resources; disclosure of information and interruption of
services’. Another, clearer definition comes from RFC 2828, which defines a
threat as ‘A potential violation of security exists when there is a
circumstance, capability, action, or event that could breach security and
cause harm’. In other words, a threat is a possible danger that might
exploit a vulnerability.
RFC 2828
Security attacks (Request for Comments RFC 2828, Internet Security Glossary)
Threat – a potential for violation of security which exists when there is a
circumstance, capability, action, or event that could breach security and cause
harm. That is, a threat is a possible danger that might exploit a vulnerability.
Attack – an assault on system security that derives from an intelligent threat; that
is, an intelligent act that is a deliberate attempt (especially in the sense of
a method or technique) to evade security services and violate the security
policy of a system.