Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Glossary

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z  |  Symbols

Threat

Acronym(s):

None

Definition(s):

  Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
Source(s): FIPS 200 (Adapted from CNSSI 4009)

  Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Source(s): CNSSI 4009-2015 (NIST SP 800-30 Rev. 1)
NIST SP 800-128 (CNSSI 4009)
NIST SP 800-137 (Adapted from CNSSI 4009)
NIST SP 800-161 (NIST SP 800-53 Rev. 4, CNSSI 4009)
NIST SP 800-171 (Updates to version published June 2015) (Adapted from CNSSI 4009)
NIST SP 800-37 Rev. 1 (Adapted from CNSSI 4009)
NIST SP 800-39 (CNSSI 4009)
NIST SP 800-53 Rev. 4 (Adapted from CNSSI 4009)
NIST SP 800-53A Rev. 4 (CNSSI 4009)

  An activity, deliberate or unintentional, with the potential for causing harm to an automated information system or activity.
Source(s): NIST SP 800-16

  Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Source(s): NIST SP 800-18 Rev. 1 (Adapted from CNSSI 4009)
NIST SP 800-82 Rev. 2 (NIST SP 800-53)

  An entity or event with the potential to harm a system.
Source(s): NIST SP 800-21 Second edition (NIST SP 800-12)

  Any circumstance or event with the potential to harm an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. Threats arise from human actions and natural events.
Source(s): NIST SP 800-27 Rev. A

  A possible danger to a computer system, which may result in the interception, alteration, obstruction, or destruction of computational resources, or other disruption to the system.
Source(s): NIST SP 800-28 Version 2

  Any circumstance or event with the potential to cause harm to an information system in the form of destruction, disclosure, adverse modification of data, and/or denial of service.
Source(s): NIST SP 800-32 (CNSSI 4009)

  The potential for a threat-source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.
Source(s): NIST SP 800-47

  Any circumstance or event with the potential to adversely impact agency operations (including mission function, image, or reputation), agency assets or individuals through an information system via unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
Source(s): NIST SP 800-57 Part 2 (NIST SP 800-53)

  Any circumstance or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, modification of data or denial of service.
Source(s): NIST SP 800-57 Part 3 Rev. 1

  Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Source(s): NIST SP 800-60 Vol 1 Rev. 1 (Adapted from CNSSI 4009)

  The potential source of an adverse event.
Source(s): NIST SP 800-61 Rev. 2

  Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.
Source(s): NIST SP 800-30 (CNSSI 4009)

  The potential for a “threat source” (defined below) to exploit (intentional) or trigger (accidental) a specific vulnerability.
Source(s): NIST SP 800-33

Synonym(s):

None

See Also: