Countermeasure (computer)
In computer security, a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

This definition is given in IETF RFC 2828 and is the same as the one in CNSS Instruction No. 4009, dated 26 April 2010, by the Committee on National Security Systems of the United States of America.


According to the Glossary by InfosecToday, the meaning of countermeasure is:
The deployment of a set of security services to protect against a security threat.


A synonym is security control.
In telecommunications, communication countermeasures are defined as security services, as part of the OSI Reference Model, by the ITU-T X.800 Recommendation.
X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned.

The following picture explains the relationships between these concepts and terms:

+ - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+
| An Attack:              |  |Counter- |  | A System Resource:   |
| i.e., A Threat Action   |  | measure |  | Target of the Attack |
| +----------+            |  |         |  | +-----------------+  |
| | Attacker |<==================||<=========                 |  |
| |   i.e.,  |   Passive  |  |         |  | |  Vulnerability  |  |
| | A Threat |<=================>||<========>                 |  |
| |  Agent   |  or Active |  |         |  | +-------|||-------+  |
| +----------+   Attack   |  |         |  |         VVV          |
|                         |  |         |  | Threat Consequences  |
+ - - - - - - - - - - - - +  + - - - - +  + - - - - - - - - - - -+

A resource (either physical or logical) can have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can potentially compromise the confidentiality, integrity or availability properties of resources (potentially different from the vulnerable one) of the organization and of other involved parties (customers, suppliers).

The so-called CIA triad is the basis of information security.

An attack is "active" when it attempts to alter system resources or affect their operation, so it compromises integrity or availability. A "passive attack" attempts to learn or make use of information from the system but does not affect system resources, so it compromises confidentiality.

A Threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado).

A set of policies concerned with information security management, the Information Security Management Systems (ISMS), has been developed to manage the countermeasures, according to risk management principles, in order to accomplish a security strategy set up following the rules and regulations applicable in a country.
See also
  • Attack (computer)
  • Countermeasure
  • Computer security
  • Computer insecurity
  • Common Vulnerabilities and Exposures (CVE)
  • Common Vulnerability Scoring System (CVSS)
  • Exploit (computer security)
  • Full disclosure
  • Information security
  • ISMS
  • IT risk
  • Metasploit
  • Month of Bugs
  • Security control
  • Security service (telecommunication)
  • Threat (computer)
  • Vulnerability (computing)
  • Vulnerability management
  • w3af

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 