To be in doubt about, or to cast doubt on,
something that was previously clear and certain.
DRAE.
Diccionario de la Lengua Española.
To circumvent or
violate the security mechanisms or procedures
of a system, resource or asset, with the result of
leaving them unprotected. [Ribagorda:1997]
1. Result
of a failure to comply with, or a violation of, security measures, whereby
certain information has been left unprotected.
2. Document
in which a person acknowledges having been instructed in the security measures
in force and undertakes to apply them.
[CESID:1997]
To bring
somebody/something/yourself into danger or under suspicion, especially by
acting in a way that is not very sensible.
Oxford Advanced
Learner's Dictionary.
compromise of
security that leads to the accidental or unlawful destruction, loss,
alteration, unauthorized disclosure of, or access to protected data
transmitted, stored or otherwise processed [ISO-27050:2015]
Disclosure of
information to unauthorized persons, or a violation of the security policy of a
system in which unauthorized intentional or unintentional disclosure,
modification, destruction, or loss of an object may have occurred. [CNSSI_4009:2010]
(I) A security
violation in which a system resource is exposed, or is potentially exposed, to
unauthorized access. (Compare: data compromise, exposure, violation.)
[RFC4949:2007]
1. (I) A security
incident in which information is exposed to potential unauthorized access, such
that unauthorized disclosure, alteration, or use of the information might have
occurred. (Compare: security compromise, security incident.)
2. (O) /U.S. DoD/
A "compromise" is a "communication or physical transfer of information
to an unauthorized recipient." [DoD5]
3. (O) /U.S.
Government/ "Type of [security] incident where information is disclosed to
unauthorized individuals or a violation of the security policy of a system in
which unauthorized intentional or unintentional disclosure, modification,
destruction, or loss of an object may have occurred." [C4009]
[RFC4949:2007]
The unauthorized
disclosure, modification, substitution or use of sensitive data (e.g., keying
material and other security related information). [NIST-SP800-57:2007]
the unauthorised
disclosure, modification, substitution, or use of CSPs or the unauthorised
modification or substitution of PSPs.
CSP - critical
security parameter - security related information whose disclosure or
modification can compromise the security of a cryptographic module.
EXAMPLE: Secret
and private cryptographic keys, authentication data such as passwords, PINs,
certificates or other trust anchors.
NOTE. A CSP may
be plaintext or encrypted.
PSP - public
security parameter - security related
public information whose modification can compromise the security of a
cryptographic module.
EXAMPLE: Public
cryptographic keys, public key certificates, self-signed certificates, trust
anchors, and one time passwords associated with a counter.
[ISO-19790:2006]
Compromise
denotes a situation when -due to a breach of security or adverse activity (such
as espionage, acts of terrorism, sabotage or theft)- classified information has
lost its confidentiality, integrity or availability, or supporting services and
resources have lost their integrity or availability. This includes loss,
disclosure to unauthorised individuals (e.g. through espionage or to the media)
unauthorised modification, destruction in an unauthorised manner, or denial of
service.
the unauthorized
disclosure, modification, substitution, or use of sensitive data (including
plaintext cryptographic keys and other CSPs). [FIPS-140-2:2001]
Also referred to
as data compromise, or data breach. Intrusion into a computer system where
unauthorized disclosure/theft, modification, or destruction of cardholder data
is suspected.
https://www.pcisecuritystandards.org/security_standards/glossary.php
The unauthorized
access to, disclosure, destruction, removal, modification, use or interruption
of assets or information.
http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578
Also called
"data compromise" or "breach of data protection".
Intrusion into a computer system where unauthorized
disclosure/theft, modification or destruction of
cardholder data is suspected.
http://fr.pcisecuritystandards.org/
Related topics