threat [English]

Other Languages

Syndetic Relationships

InterPARES Definition

n. ~ 1. A possible danger that may cause damage – 2. Computing · A possible danger to a system or information stored on the system, typically connoting a malicious act that breaches security or exploits a vulnerability.

General Notes

Threat is a specific type of risk that connotes malicious intent, as distinguished from unintentional acts that may cause damage or other risks, such as accident or natural disaster.

Other Definitions

  • Black's 9th 2009 (†382 s.v. threat): An indication of an approaching menace. A person or thing that well cause harm.
  • Dictionary of Computing 1996 (†517 s.v. "threat"): Any action intended to breach the security of information stored in a system by (a) gaining unauthorized access to that information usually without alerting the authorized user, (b) denial of service to the authorized user, (c) spoofing, which aims to confuse by introducing false information, usually as to the identity of the user. Some threats are with premeditated malicious intent but others are opportunistic, e.g., browsing, or occur during a crash. See also vulnerability.
  • NIST Risk Assessment 2012 (†482 p. B-13): Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service

Citations

  • Cloud Security Alliance 2010 (†592 p.6-7): While many issues, such as provider financial stability, create significant risks to customers, we have tried to focus on issues we feel are either unique to or greatly amplified by the key characteristics of Cloud Computing and its shared, on-demand nature. We identify the following threats in our initial document: · Abuse and Nefarious Use of Cloud Computing · Insecure Application Programming Interfaces · Malicious Insiders · Shared Technology Vulnerabilities · Data Loss/Leakage · Account, Service & Traffic Hijacking · Unknown Risk Profile. (†1358)
  • Cloud Security Alliance 2013 (†593 p.6-7): In this most recent edition of this report, experts identified the following nine critical threats to cloud security (ranked in order of severity): 1. Data Breaches, 2. Data Loss, 3. Account Hijacking, 4. Insecure APIs, 5. Denial of Service, 6. Malicious Insiders, 7. Abuse of Cloud Services, 8. Insufficient Due Diligence, 9. Shared Technology Issues. (†1360)
  • CNSS-4009 (†730 p.75): Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (†1754)
  • ISACA Glossary (†743 s.v. threat): Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. A potential cause of an unwanted incident. (ISO/IEC 13335) (†1806)
  • Modi, et al. 2013 (†595 p.572): (†1370)
  • NIST 2013 (†734 p. B-25): Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. [CNSSI 4009, Adapted] (†1819)
  • RFC 4949 (†591 s.v. "threat"): Tutorial: A threat is a possible danger that might exploit a vulnerability. Thus, a threat may be intentional or not: · "Intentional threat": A possibility of an attack by an intelligent entity (e.g., an individual cracker or a criminal organization). · "Accidental threat": A possibility of human error or omission, unintended equipment malfunction, or natural disaster (e.g., fire, flood, earthquake, windstorm, and other causes listed in (†1350)