terms-details.md

A

Acceptable Risk

In information security, acceptable risk refers to the level of risk an organisation is willing to accept in order to achieve its objectives. The concept rests on the fact that eliminating all risk is impossible. Deciding which risks are acceptable involves assessing risks and reducing them, but some residual risk remains acceptable because of the organisation's risk appetite, its resources and its operational needs.


Standard Definitions

IETF

A risk that is understood and tolerated by a system's user, operator, owner, or accreditor, usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss.

DHS

Acceptable risk is the level of risk at which, given costs and benefits associated with risk reduction measures, no action is deemed to be warranted at a given point in time.

Source: DHS [18]

NIST

Acceptable risk: the level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system.

Source: NIST SP 800-16

European Definitions

ENISA

Acceptable risk is the level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific system.


Key Concepts

  1. Acceptable risk in an organisation is determined by the organisation's own criteria and its operational costs.

  2. Definitions vary across organizations but revolve around the idea of tolerable residual risk.

  3. The cost-benefit analysis plays a crucial role in determining acceptable risk.

Accessibility

Accessibility in information security refers to the ability to reach information and system resources at the time and place they are needed. It means that information and services are available and usable by authorised users, even during emergencies or system failures. This matters to organisations because unreliable access can reduce productivity and create security risks.


Standard Definitions

IETF

Accessibility refers to the availability of information and services to authorized users when required, ensuring continuity in case of system failure or emergencies.

DHS

The ability of a system or resource to be used or accessed by authorized users whenever needed, particularly during times of emergency or disruption.

NIST

Accessibility is the assurance that authorized users are able to access resources or services as intended without delays, ensuring minimal interruptions.


Key Concepts

  1. Access must be guaranteed for authorised users under all conditions, including emergencies.
  2. Continuity in service and resource availability is crucial for operational efficiency and security.
  3. Accessibility failures can lead to security breaches or reduced organizational productivity.

Importance of Accessibility

  • Ensuring that all critical systems remain accessible during disasters or emergencies helps prevent downtime.
  • Accessibility is closely related to availability, as both aim to guarantee system uptime for authorized users.

Accident

Standard Definition

ISA

An accident is an unplanned and undesired loss event.

Non-IS Context

In non-information-security contexts, an accident is any unplanned event that leads to unwanted or unexpected consequences, including operational errors, equipment failures and other occurrences that may have minor or serious consequences for protection or safety.

IS Context

In information security, an accident is any unwanted or unexpected event that causes disruption or damage to a system, its data or its services. This includes operational errors, technical faults, or incidents that can lead to loss of information or damage to sensitive infrastructure.

Active Cyber Prevention

Details to be added...

Adaptation

Details to be added...

Adaptation Assessment

Details to be added...

Adaptation Options

Details to be added...

Adaptation Strategies

Details to be added...

Adaptive Capacity

Details to be added...

Alert

Details to be added...

All Hazards

Details to be added...

Asset

Details to be added...

Attack

Details to be added...

Attack Tool

Details to be added...

Attack Tree

Details to be added...

Attribute

Details to be added...

Authentication

Details to be added...

Authenticity

Details to be added...

Availability

Details to be added...

B

Best Practice

Details to be added...

Biological Hazard

Details to be added...

Blackout

Details to be added...

Brownout

Details to be added...

Bulk Power System

Details to be added...

C

CBRN

Details to be added...

CI

Details to be added...

CII

Details to be added...

CIIP

Details to be added...

CIP

Details to be added...

Capability

Details to be added...

Capacity

Details to be added...

Capacity Building

Details to be added...

Cascading Effect

Details to be added...

Cascading Failure

Details to be added...

Civil

Details to be added...

Civil Military Cooperation

Details to be added...

Civil Protection

Details to be added...

D

Damage

Details to be added...

Danger

Details to be added...

Decision Support

Details to be added...

Defence-in-Depth

Details to be added...

Denial of Service

Details to be added...

Dependability

Details to be added...

Dependency

Details to be added...

Destruction

Details to be added...

Detection

Details to be added...

Digital Service

Details to be added...

Disaster

Details to be added...

Disaster Recovery Plan

Details to be added...

Disaster Resilience

Details to be added...

Disaster Risk

Details to be added...

Disaster Risk Management

Details to be added...

Disaster Risk Reduction

Details to be added...

Disruption

Details to be added...

Distribution

Details to be added...

Distribution System Operator

Details to be added...

Disturbance

Details to be added...

Droughts

Details to be added...

E

ECI

Details to be added...

EPCIP

Details to be added...

Early Warning

Details to be added...

Effect

Details to be added...

Effectiveness

Details to be added...

Electromagnetic Pulse

Details to be added...

Emergency

Details to be added...

Emergency Management

Details to be added...

Emergency Services

Details to be added...

Essential Service

Details to be added...

European Critical Infrastructure

Details to be added...

European Response Mechanism

Details to be added...

Event

Details to be added...

Exercise

Details to be added...

Exposure

Details to be added...

Extreme Weather Event (EWE)

Details to be added...

F

Failure

Details to be added...

Fault Tree

Details to be added...

Flood

Details to be added...

Functional Dependency

Details to be added...

G

Gateway

Details to be added...

Geographical Dependency

Details to be added...

Geological Hazard

Details to be added...

H

Harm

Details to be added...

Hazard

Details to be added...

Heat Wave

Details to be added...

Hybrid Threat

Details to be added...

Hydrometeorological Hazard

Details to be added...

I

Impact

Details to be added...

Impact Chains

Details to be added...

Incident

European Definitions

European Commission

  • ‘Incident’ means an event compromising the availability, authenticity, integrity, or confidentiality of stored, transmitted, or processed data or of the services offered by, or accessible via, network and information systems.

  • ‘Incident’ means an event which has the potential to significantly disrupt, or that disrupts, the provision of an essential service, including when it affects the national systems that safeguard the rule of law.

  • ‘Incident’ means any event compromising the availability, authenticity, integrity, or confidentiality of stored, transmitted, or processed data or of the related services offered by, or accessible via, network and information systems.

  • Incident means any event having the potential to disrupt, or that disrupts, the operations of the critical entity.

  • Incident means any event having an actual adverse effect on the security of network and information systems.

ENISA

  • Incident is an event that has been assessed as having an actual or potentially adverse effect on the security or performance of a system.

United States Definitions

DHS

  • Incident is an occurrence, caused by either human action or natural phenomenon, that may cause harm and require action, which can include major disasters, emergencies, terrorist attacks, terrorist threats, wild and urban fires, floods, hazardous materials spills, nuclear accidents, aircraft accidents, earthquakes, hurricanes, tornadoes, tropical storms, war-related disasters, public health and medical emergencies, cyber attacks, cyber failure/accident, and other occurrences requiring an emergency response.

White House

  • Cyber incident: An event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information, or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. For purposes of this directive, a cyber incident may include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

Financial Stability Board

  • Cyber incident: a cyber event that jeopardizes the cybersecurity of an information system or the information the system processes, stores, or transmits; or an event that violates security policies, procedures, or acceptable use policies, whether resulting from malicious activity or not.

FISMA

  • Incident is an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.

NIST

  • Incident: An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits, or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

German Definitions

Germany (Sicherheitsvorfall)

  • “Sicherheitsvorfall” (security incident): an event that impairs the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data, or of the services offered by, or accessible via, network and information systems.

  • “Sicherheitsvorfall”: an event that significantly disrupts, or could disrupt, the provision of an essential service, including an impairment of the national systems that safeguard the rule of law.

  • “Sicherheitsvorfall”: any event that has an actual adverse effect on the security of network and information systems.


Standard Definitions

ISO/PAS 22399:2007

  • Event that might be, or could lead to, an operational interruption, disruption, loss, emergency or crisis.

ISO 22300:2012(en)

  • Situation that might be, or could lead to, a disruption, loss, emergency or crisis.

NFPA-1600

  • An event that has the potential to cause interruption, disruption, loss, emergency, crisis, disaster, or catastrophe.

Farsi Translation

Non-IS Context

In non-information-security contexts, an incident or event is any unwanted or unexpected occurrence that disrupts the provision of vital services or the functioning of a system. This includes operational errors, equipment failures, or events that, through improper operation, may affect the safety or reliability of systems.

IS Context

In information security, an incident is any event that adversely affects the confidentiality, integrity or availability of information or information systems. This can include security breaches, cyber attacks, or any threat that damages sensitive infrastructure.


Key Points

  1. Definitions across different sectors, regions, and standards organizations are consistent in emphasizing that an incident typically involves a compromise in availability, authenticity, integrity, or confidentiality.
  2. Both IS and non-IS incidents share common themes of disruption and harm, although the specific details vary according to context (e.g., cyber incidents vs. natural disaster incidents).

Incident Management

Details to be added...

Industrial Automation Control System

Details to be added...

Information Communication Technology

Details to be added...

Information Infrastructure

Details to be added...

Information Security

Details to be added...

Information Sharing

Details to be added...

Information System

Details to be added...

Information System Resilience

Details to be added...

Information Technology

Details to be added...

Information Technology Security

Details to be added...

Infrastructure

Details to be added...

Infrastructure Resilience

Details to be added...

Inoperability

Details to be added...

Integrity

Details to be added...

Interdependency

Details to be added...

Internet Exchange Point

Details to be added...

Interoperability

Details to be added...

L

Likelihood

Details to be added...

Load Shedding

Details to be added...

Logical Dependency

Details to be added...

M

M&S Interoperability

Details to be added...

Measure

Details to be added...

Mitigation

Details to be added...

Mode of Operations

Details to be added...

Modelling

Details to be added...

N

N-1 Criterion

Details to be added...

National Critical Infrastructure

Details to be added...

National Cyber Security Strategy

Details to be added...

National Risk Assessment

Details to be added...

National Risk Registry

Details to be added...

National Safety and Security

Details to be added...

National Security

Details to be added...

Natural Disaster

Details to be added...

Natural Hazard

Details to be added...

Near Miss

Details to be added...

Need-To-Know

Details to be added...

Network

Details to be added...

Network and Information System

Details to be added...

Non-repudiation

Details to be added...

Nowcast

Details to be added...

O

Operational Technology

Details to be added...

Operator of Essential Services

Details to be added...

Organisational Resilience

Details to be added...

P

PCII

Details to be added...

Physical Dependency

Details to be added...

Physical Security

Details to be added...

Point of Contact

Details to be added...

Preparation

Details to be added...

Preparedness

Details to be added...

Prevention

Details to be added...

Proaction

Details to be added...

Probability

Details to be added...

Process Control Systems

Details to be added...

Programmable Logic Controller

Details to be added...

Protected Critical Infrastructure Information

Details to be added...

Protection

Details to be added...

Protection System

Details to be added...

Public Safety

Details to be added...

R

Recovery

Details to be added...

Redundancy

Details to be added...

Reliability

Details to be added...

Residual Risk

Details to be added...

Resilience

Details to be added...

Response

Details to be added...

Risk

Details to be added...

Risk Acceptance

Details to be added...

Risk Analysis

Details to be added...

Risk Assessment

Details to be added...

Risk Criteria

Details to be added...

Risk Estimation

Details to be added...

Risk Evaluation

Details to be added...

Risk Identification

Details to be added...

Risk Management

Details to be added...

Risk Mitigation

Details to be added...

Risk Perception

Details to be added...

Risk Reduction

Details to be added...

Risk Source

Details to be added...

Risk Tolerance

Details to be added...

Risk Transfer

Details to be added...

Risk Treatment

Details to be added...

S

SCADA

Details to be added...

Safety

Details to be added...

Safety Chain

Details to be added...

Scenario

Details to be added...

Security

Details to be added...

Security of Network and Information Systems

Details to be added...

Security of Supply

Details to be added...

Self-reliance

Details to be added...

Sensitivity

Details to be added...

Sensitivity Analysis

Details to be added...

Severity

Details to be added...

Simulation

Details to be added...

Situation Analysis

Details to be added...

Social Resilience

Details to be added...

Societal Resilience

Details to be added...

Societal Security

Details to be added...

Socio-natural Hazard

Details to be added...

Space Weather

Details to be added...

Stakeholder

Details to be added...

Supervisory Control and Data Acquisition

Details to be added...

Supply Chain

Details to be added...

System

Details to be added...

System Resilience

Details to be added...

T

Technological Hazard

Details to be added...

Terrorism

Details to be added...

Threat

Details to be added...

Topology

Details to be added...

Traffic Light Protocol (TLP)

Details to be added...

Transmission

Details to be added...

Transmission System Operator

Details to be added...

U

Uncertainty

Details to be added...

Urban Critical Infrastructure

Details to be added...

Utilities

Details to be added...

V

Vital Interest

Details to be added...

Vital Process

Details to be added...

Vital Services

Details to be added...

Vulnerability

Details to be added...

W

Wicked Problem

Details to be added...