Definitions
Computer security
Compromise is
"the disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred."[1]
"the unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keys, metadata, or other security-related information) or the unauthorized modification of a security-related system, device or process in order to gain unauthorized access."[2]
Compromise is
- "a loss of data confidentiality, integrity or availability."[3]
- "[t]o reduce the trust associated with a key, its metadata, a system, device or process."[4]
General
Compromise is a
"[t]ype of incident where information is disclosed to unauthorized individuals or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred."[5]
Intelligence
Compromise is
"[t]he known or suspected exposure of clandestine personnel, installations, or other assets or of classified information or material, to an unauthorized person."[6]
National security
Compromise is
"[a]ny occurrence which results or can result in unauthorized persons gaining access to national security information."[7]
"[t]he disclosure or release of classified information to unauthorized person(s)."[8]
Power grid
Compromise is
"[t]he misuse or unauthorized modification of a Cyber Asset or supporting system."[9]
Security
Compromise is
"[a] security violation that has resulted in confirmed or suspected exposure of classified/sensitive information to an unauthorized person."[10]
"disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred."[11]
Overview (Computer security)
Out-of-date software, unsafe web browsing habits, or lack of appropriate anti-virus systems can all lead to the compromise of computer systems. Criminals and other adversaries often exploit weak identity solutions for individuals, websites, email, and the infrastructure that the Internet utilizes.
The collection of identity-related information across multiple service providers and user accounts, coupled with the sharing of personal information through the growth of social media, increases opportunities for data compromise. For example, personal data used to recover lost passwords (e.g., mother’s maiden name, the name of your first pet, etc.) is often publicly available.
In some cases, service providers have met consumer demand for online services, but they have provided inadequate identity assurances. Service providers have also deemed some highly desirable services that could provide further efficiencies and cost savings too risky to conduct online.
References
- [1] Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, at 71.
- [2] NIST Special Publication 800-152, at 127.
- [3] Report on Cybersecurity Practices, at 3.
- [4] NIST Special Publication 800-152, at 127.
- [5] CNSSI 4009.
- [6] Department of Defense Dictionary of Military and Associated Terms, at 45.
- [7] Tempest Glossary, at 2.
- [8] Intelligence Community Standard 700-01, at 6.
- [9] Security Guideline for the Electricity Sector: Identifying Critical Cyber Assets, at 3.
- [10] Department of the Interior, Departmental Manual, Part 441, Chapter 1, §1.6(I) (Jan. 8, 2010).
- [11] DFARS Clause 252.204-7012(a).