| Anything tangible or intangible that has value to the organization. There are many types of assets, and some of which include obvious things, such as: persons, machineries, utilities, patents, software and services. The term could also include less obvious things, such as: information and characteristics (e.g., organization’s reputation and public image, as well as skill and knowledge).
|Any kind of malicious activity that attempts to achieve unauthorized access, collection, disabling, prevention, destroy or sabotage of the information system resources or the information itself
|It is the function of defining and verifying access rights/privileges to resources related to organization’s information and technical assets security in general and to access control in particular. Maintaining authorized restrictions on access to and disclosure of information, including means of protecting privacy/personal information.
|Any system or network whose failure, unauthorized change to operation thereof, unauthorized access thereto, or to data stored or processed thereby may result in a negative impact on the organization’s businesses and services’ availability, or cause negative economic, financial, security, or social impacts on the national level.
|Intentional exploitation of computer systems, networks, and organizations whose work depends on digital ICT, in order to cause damage.
|The interconnected network of IT infrastructure, including Internet, communications networks, computer systems and Internet-connected devices, as well as associated hardware and control devices. The term can also refer to a virtual world or domain such as a simple concept.
|Risks to organizational operations (Including vision, mission, functions, image or reputation), organizational assets, individuals, other organizations, or the nation due to the potential of unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems.