Glossary

Filter:
# A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All
Vulnerability
  • A weakness in automated system security procedures, administrative controls, internal controls, and so forth, that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing. (AFR 700-10;; AFR 205-16;; AR 380-380;) 2. A weakness in system security procedures, hardware design, internal controls, etc. , which could be exploited to gain unauthorized access to classified or sensitive information. (NCSC-WA-001-85;) 3. A weakness in the physical layout, organization, procedures, personnel, management, administration, hardware, or software that may be exploited to cause harm to the ADP system or activity. The presence of a vulnerability does not in itself cause harm; a vulnerability is merely a condition or set of conditions that may allow the ADP system or activity to be harmed by an attack. (OPNAVINST 5239. 1A;) 4. An assertion primarily concerning entities of the internal environment (assets); we say that an asset (or class of assets) is vulnerable (in some way, possibly involving an agent or collection of agents); we write: V(i,e) where: e may be an empty set. (ET;) 5. Susceptibility to various threats. (RM;) 6. A set of properties of a specific internal entity that, in union with a set of properties of a specific external entity, implies a risk. (MK;) 7. The characteristics of a system which cause it to suffer a definite degradation (incapability to perform the designated mission) as a result of having been subjected to a certain level of effects in an unnatural (manmade) hostile environment. (JP 1-02) (AF MAN 33-270)