Information Security

From CIPedia
Jump to: navigation, search

Definitions

European Definitions

Information Security is the protection of information against unauthorised disclosure, transfer, modification or destruction, whether accidental or intentional. [1]

Other International Definitions

IAEA

Information security is the preservation of the confidentiality, integrity and availability of information. [2]
Note: In addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.

NATO

The protection of information against unauthorised disclosure, transfer, modification or destruction, whether accidental or intentional (INFOSEC). [3]

United Nations

Information security is the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. [4]

World Bank

Information security, refers to the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. [5]
In a computing context, the term security implies cybersecurity.

National Definitions

Albania

Siguria e informacionit, do të thotë sigurimi i konfidencialitetit, integritetit dhe disponueshmërisë së informacionit. [6]

Argentina

Seguridad: contemplas los requisitos de Integridad, Confidencialidad y Disponibilidad de las Aplicaciones, por ejemplo asegurando que las aplicaciones disponibles a través de redes de acceso público (ej.: Internet) no puedan ser alteradas en su contenido, infectadas con código ni susceptibles a vulnerabilidades derivadas de malas prácticas de desarrollo. [7]


Australia

Information security (INFOSEC): All measures used to protect official information from compromise, loss of integrity or unavailability. [8]


Austria

Information security or network security are umbrella terms for ICT security, referring to the entire relevant information of an organisation or an enterprise, including information that has not been processed electronically. Hence, it describes the entirety of characteristics of an organisation ensuring the confidentiality, availability and integrity of information. [9]

Informationssicherheit / Netzwerksicherheit ist ein Überbegriff zu IKT-Sicherheit und bezieht sich auf alle relevanten Informationen einer Organisation oder eines Unternehmens einschließlich von nicht elektronisch verarbeiteten Informationen. Es bezeichnet somit die Summe der Eigenschaften einer Organisation, die dem Schutz der Vertraulichkeit, Verfügbarkeit und Integrität der Informationen dienen. [10]

Information may be available as spoken text, paper documents or other directly readable media or as electronically processed data in ICT systems.

Belarus

информационная безопасность – состояние защищенности сбалансированных интересов личности, общества и государства от внешних и внутренних угроз в информационной сфере. [11]
(The state of the protection of balanced interests of the individual, society, and the state from external and internal threats in the information space)

Brazil

Segurança da Informação: proteção dos sistemas de informação contra a negação de serviço a usuários autorizados, assim como contra a intrusão, e a modificação desautorizada de dados ou informações, armazenados, em processamento ou em trânsito, abrangendo, inclusive, a segurança dos recursos humanos, da documentação e do material, das áreas e instalações das comunicações e computacional, assim como as destinadas a prevenir, detectar, deter e documentar eventuais ameaças a seu desenvolvimento. [12]

Information Security is the protection of information systems against denial of service to authorised users, as well as against intrusion and unauthorised modification of data or information stored in processing or in transit, covering even the safety of human resources, documentation and material, of the areas and facilities of communications and computing, as well as to prevent, detect, deter and document any threats to its development.

Croatia

Informacijska sigurnost – stanje povjerljivosti, cjelovitosti i raspoloživosti podataka koje se postiže primjenom odgovarajućih sigurnosnih mjera.

Information security is the state of confidentiality, integrity and availability of information, which is achieved by implementation of stipulated information security measures and standards and by organisational support for jobs of planning, implementation, assessment and update of measures and standards. [13] [14]


Cuba

Seguridad de la información: Preservación de la confidencialidad, integridad y disponibilidad de la información. [15]


Czech Republic

Bezpečností informací zajištění důvěrnosti, integrity a dostupnosti informací. [16]

Security (protection) of confidentiality, integrity and availability of information. [17]

Denmark

Informationssikkerhed er en bred betegnelse for de samlede for - anstaltninger til at sikre informationer i forhold til fortrolighed, integritet (ændring af data) og tilgængelighed. I arbejdet indgår blandt andet organisering af sikkerhedsarbejdet, påvirkning af adfærd, processer for behandling af data, styring af leverandører samt tekniske sikringsforanstaltninger. [18]


Egypt

Information security: The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional. [19]


Finland

Tietoturva, tietoturvallisuus: järjestelyt, joilla pyritään varmistamaan tiedon saatavuus, eheys ja luottamuksellisuus.

Information Security are arrangements aiming at ensuring the availability, integrity and confidentiality of information. -unofficial translation- [20]

Tietoturvallisuus: Tietoturvallisuudella tarkoitetaan tietojen, palvelujen, järjestelmien ja tietoliikenteen suojaamista ja varmistamista niihin kohdistuvien riskien hallitsemiseksi kaikissa turvallisuustilanteissa hallinnollisilla, teknisillä ja muilla toimenpiteillä. [21]

Information security refers to the administrative, technical and other measures that protect and secure information, services, systems and telecommunications and manage their risks in all security situations. [22]
Tietoturvallisuus on myös asiantila, jossa tietojen, tietojärjestelmien ja tietoliikenteen luottamuksellisuuteen, eheyteen ja käytettävyyteen kohdistuvat uhkat eivät aiheuta merkittävää riskiä (Information security is also a condition in which threats against the confidentiality and integrity of information, information systems and telecommunications security do not pose a significant risk).

France

Information systems security: All technical and non-technical protective measures enabling an information system to withstand events likely to compromise the availability, integrity or confidentiality of stored, processed or transmitted data and of the related services that these systems offer or make accessible. [23]

Sécurité des systèmes d’information: Ensemble des mesures techniques et non techniques de protection permettant à un système d’information de résister à des événements susceptibles de compromettre la disponibilité, l’intégrité ou la confidentialité des données stockées, traitées ou transmises et des services connexes que ces systèmes offrent ou qu’ils rendent accessibles. [24]


Germany

IT-Sicherheit (oder Informationssicherheit) ist die Unversehrtheit der Authentizität, Vertraulichkeit, Integrität und Verfügbarkeit eines informationstechnischen Systems und der darin verarbeiteten und gespeicherten Daten. (2016) [25]

IT security is the condition in which availability, integrity and confidentiality of information and Information Technology are ensured by appropriate safeguards. [26]

Georgia

ინფორმაციული უსაფრთხოება – საქმიანობა, რომელიც იცავს ინფორმაციას და ინფორმაციულ სისტემებს მისაწვდომობის, ერთიანობის, აუთენტიფიკაციის, კონფიდენციალურობის და განგრძობადი მუშაობის უზრუნველყოფით. [27]

Information security - an activity that protects information and information systems' access, integrity, authentication, confidentiality, and the continuing of work.
(raw translation - CIPedia looks for a proper translation in English)

Guatemala

Seguridad de la información: La seguridad de la información garantiza la confidencialidad, disponibilidad e integridad de la información, por medio de la aplicación y gestión de controles apropiados que implican la consideración de una amplia gama de amenazas, con el objetivo de garantizar el éxito organizacional y la continuidad, minimizando las consecuencias de los incidentes de seguridad de la información. Fuente: ISO/IEC 27000:2016 [28]


Italy

Information Security: Often complex security measures to ensure integrity, confidentiality and availability of information classified as state secret or blankets and related information and communication systems, for example through user authentication. [29]
It includes the necessary safeguards to detect and counter intrusions.

Jamaica

Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. [30]

Note: The terms information security, computer security and information assurance are understood for these purposes as being interchangeable.

Japan

Information security is to make the IT infrastructure as to be "truly reliable and rigid” concerning 1) sustainable development through the use of IT, 2) achievement higher quality of life of people through the use of IT, 3) security against the threats related to the use of IT. [31]


Mongolia

Information security means the situation where conditions are ensured for the Government to assess objectively the country’s actual internal and external situation and make correct decisions, for government organs and the people to have the necessary information for the exercise of their powers and rights provided by the Constitution and for the dissemination abroad of information about Mongolia. [32]

Montenegro

Informaciona bezbjednost podrazumijeva stanje povjerljivosti, cjelovitosti i dostupnosti podataka. Informaciona bezbjednost se fokusira na podatke bez obzira na njihovu formu: elektronski, štampani ili drugi oblici podataka. [33]

Information security means the condition of confidentiality, integrity and availability of data. Information security focuses on data, regardless of their form: electronic, print or other forms of data.

Netherlands

Informatiebeveiliging is het proces van het vaststellen van de vereiste betrouwbaarheid van informatiesystemen in termen van vertrouwelijkheid, beschikbaarheid en integriteit, alsmede het treffen, onderhouden en controleren van een samenhangend pakket van bijbehorende maatregelen. [34]

Informatiebeveiliging is het behouden van de vertrouwelijkheid, integriteit en beschikbaarheid van informatie. [35]
  • Integriteit is de eigenschap dat de nauwkeurigheid en volledigheid van bedrijfsmiddelen wordt beveiligd.
  • Vertrouwelijkheid is de eigenschap dat informatie niet beschikbaar wordt gesteld of wordt ontsloten aan onbevoegde personen, entiteiten of processen.
  • Beschikbaarheid is het kenmerk dat iets toegankelijk en bruikbaar is op verzoek van een bevoegde entiteit.

Information security is taking and maintaining a coherent set of measures to guarantee the availability, integrity and confidentiality of information.

Het treffen en onderhouden van een samenhangend pakket aan maatregelen om de beschikbaarheid, integriteit en vertrouwelijkheid te borgen. [36]

Informatiebeveiliging is het proces van vaststellen van de vereiste kwaliteit van informatie(systemen) in termen van vertrouwelijkheid, beschikbaarheid, integriteit, onweerlegbaarheid en controleerbaarheid alsook het treffen, onderhouden en controleren van een samenhangend packet van bijbehorende (fysieke, organisatorische en logische) beveiligingsmaatregelen. [37]

Informatiebeveiliging is dat gedeelte van de beveiliging dat betrekking heeft op de verwerking van Bijzondere Informatie in ICT-systemen en netwerken. [38]
Bijzondere Informatie wordt onderscheiden in Staatsgeheimen en in niet-Staatsgeheime Bijzondere Informatie. Er is sprake van een Staatsgeheim als het belang van de Staat of zijn bondgenoten in het geding is en indien kennisname door niet-gerechtigden kan leiden tot schade aan deze belangen. Er is sprake van niet-Staatsgeheime Bijzondere Informatie indien kennisname door nietgerechtigden kan leiden tot nadeel aan het belang van één of meer ministeries.

Norway

IKT-sikkerhet: Hvordan elektroniske nettverk og systemer som behandler data eller kommuniserer med hverandre, og som virksomhetene er avhengig av for å fungere effektivt, skal beskyttes. [39]

ICT security is how business-critical electronic networks and systems that process data or communicate with each other are protected. [40]


Philippines

Information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. [41]


Portugal

[Definição] INFOSEC: A aplicação de medidas de segurança para proteger a informação processada, armazenada ou transmitida em Sistemas de Tecnologia da Informação e Comunicações contra a perda de confidencialidade, integridade ou disponibilidade, acidental ou intencional, e para prevenir a perda de integridade ou disponibilidade dos sistemas. [42]

[Definição] Segurança da Informação: Proteção dos sistemas de informação contra o acesso ou a modificação não autorizados da informação, durante o seu armazenamento, processamento ou transmissão, e contra a negação de serviço a utilizadores autorizados ou o fornecimento de serviço a utilizadores não autorizados, incluindo as medidas necessárias para detetar, documentar e contrariar tais ameaças. [43]


Russian Federation

информационная безопасность Российской Федерации (далее - информационная безопасность) - состояние защищенности личности, общества и государства от внутренних и внешних информационных угроз, при котором обеспечиваются реализация конституционных прав и свобод человека и гражданина, достойные качество и уровень жизни граждан, суверенитет, территориальная целостность и устойчивое социально-экономическое развитие Российской Федерации, оборона и безопасность государства [44]
(raw translation) Information security of the Russian Federation (hereinafter - information security) - the state of protection of the individual, society and state from internal and external IT threats, which provide realisation of constitutional rights and freedoms of man and citizen, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, the defense and security of the state.


информационная безопасность – состояние защищенности личности, организации и государства и их интересов от угроз, деструктивных и иных негативных воздействий в информационном пространстве [45]

Information security (raw translation): the state of protection of the individual, the organization and the state and their interests from threats, destructive and other negative impacts in the information space.


Serbia

информациона безбедност представља скуп мера које омогућавају да подаци којима се рукује путем ИКТ система буду заштићени од неовлашћеног приступа, као и да се заштити интегритет, расположивост, аутентичност и непорецивост тих података, да би тај систем функционисао како је предвиђено, када је предвиђено и под контролом овлашћених лица. [46]


Uganda

Information security is the protection information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. [47]

Ukraine

“information security” must be understood as the kind of protection of a State’s information space that allows the attainment of its national interests and observance of the rights of the individual, society and the State. [48]


United States

FISMA
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide - (A) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; (B) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and (C) availability, which means ensuring timely and reliable access to and use of information. [49]

NIST
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. [50]


An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational subunits, showing their alignment with the enterprise’s mission and strategic plans. [51]

Uruguay

Seguridad informática: Conjunto de medidas preventivas y reactivas que tienen como objetivo mantener la confidencialidad, disponibilidad e integridad de la información soportada en medios informáticos. [52]


Other Definitions

East-West Institute (Russia-US)

Cybersecurity is a property of cyber space that is an ability to resist intentional and unintentional threats and respond and recover.

Кибербезопасность: свойство (киберпространства, иберсистемы), противостоять, намеренным и/или, ненамеренным угрозам, а также, реагировать на них и, восстанавливаться после воздействия этих угроз. [53]

Standard Definition

ISO/IEC 27000:2014

Preservation of confidentiality, integrity and availability of information. [54]. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.


IETF

Information Security: measures that implement and assure security services in information systems, including in computer systems and in communication systems. [55]

Notes

  1. NATO - EU - UN glossary
  2. IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
  3. NATO - EU - UN glossary
  4. NATO - EU - UN glossary
  5. Cyber Security Glossary, World Bank (2015)
  6. PROJEKT LIGJ PËR SIGURINË KIBERNETIKE
  7. Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
  8. Protective Security Policy Framework - Glossary Oct 2017
  9. Austrian Cyber Security Strategy, Federal Chancellery of the Republic of Austria, Vienna (2013)
  10. Österreichische Strategie für Cyber Sicherheit (2013)
  11. Концепция Националъной Безопасности, Министерство Внутренних Дел Рецпублики Беларусъ, 2010
  12. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)/ Decreto Nº 3.505, de 13 de junho de 2000. Presidência da República, Casa Civil, Subchefia para Assuntos Jurídicos. Institui a Política de Segurança da Informação nos órgãos e entidades da Administração Pública Federal. Brasília, 2000.
  13. Article 2 of the Information Security Act
  14. National Cyber Security Strategy draft (2015)
  15. Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del Ciberespacio
  16. Zákon č. 181/2014 Sb. o kybernetické bezpečnosti a o změně souvisejících zákonů (zákon o kybernetické bezpečnosti)
  17. Cyber Security Explanatory Glossary (2013)
  18. Danish Cyber Security Strategy, 2014
  19. Glossary of the National Telecom Authority (NTA), Egypt
  20. Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
  21. Yhteikunnan Turvallisuusstrategia, Valtioneuvoston periaatepäätös 16.12.2010
  22. Security Strategy for Society, Government Resolution 16.12.2010
  23. Information systems defence and security: France's Strategy
  24. La Stratégie de la France en matière de défense et de sécurité des systèmes d’information (2011)
  25. Cyber-Sicherheitsstrategie für Deutschland 2016
  26. Unpublished working glossary of UP KRITIS and BSI, 2014
  27. cyber_security_politics.docx (2012)
  28. La Estrategia Nacional de Seguridad Cibernética (June 2018)
  29. IL LINGUAGGIO DEGLI ORGANISMI INFORMATIVI Glossario (2013)
  30. Jamaica's National Cyber Security Strategy
  31. The Second National Strategy on Information Security, Japan, 2009
  32. Security Concept of Mongolia EN.pdf The Concept of National Security of Mongolia, Government of Mongolia
  33. Strategija o bezbjednosti 2013-2017 (2012)
  34. Cyber Security Beeld Nederland 2018
  35. NEN-ISO/IEC-27001 en 27002
  36. Zakboekje Preventie Cybercrime (2008
  37. Cybersecuritybeeld Nederland 2016
  38. Algemene Beveiligingseisen voor Defensieopdrachten (ABDO), 2006
  39. Nasjonal strategi for informasjonssikkerhet (2012)
  40. Cyber Security Strategy for Norway (2012)
  41. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
  42. Glossário Centro National de Cibersegurança Portugal
  43. Glossário Centro National de Cibersegurança Portugal
  44. Указ Президента Российской Федерации от 05.12.2016 № 646 "Об утверждении Доктрины информационной безопасности Российской Федерации"
    (Presidential Decree of 12.5.2016 number 646 "On approval of the Doctrine of the Russian Federation Information Security")
  45. КОНЦЕПЦИЯ СТРАТЕГИИ КИБЕРБЕЗОПАСНОСТИ РОССИЙСКОЙ ФЕДЕРАЦИИ (Draft Cyber Security Strategy 2016)
  46. ЗАКОН О ИНФОРМАЦИОНОЈ БЕЗБЕДНОСТИ (Law on Information Security), Serbia
  47. National Information Security Policy (2011)
  48. Ukraine, Submission to the United Nations General Assembly Resolution A/58/373, 2003
  49. The Federal Information Security Modernization Act of 2014 (FISMA)44 U.S.C. § 3552(b)(2).
  50. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/NIST SP 800 series
  51. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
  52. Glossary CERTuy
  53. RUSSIA-­‐U.S. BILATERAL ON CYBERSECURITY: CRITICAL TERMINOLOGY FOUNDATIONS
  54. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  55. IETF RFC449 Internet Security Glossary 2