Use Case

Use Case

Definition(s)

Use Case

Technique for capturing potential functional requirements that employs the use of one or more scenarios that convey how the system should interact with the end user or another system to achieve a specific goal.
  • NOTE: Typically use cases treat the system as a black box, and the interactions with the system, including system responses, are as perceived from outside of the system. Use cases are popular because they simplify the description of requirements, and avoid the problem of making assumptions about how this functionality will be accomplished
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Traffic Analysis

Traffic Analysis

Definition(s)

Traffic Analysis

Inference of information from observable characteristics of data flow(s), even when the data are encrypted or otherwise not directly available, including the identities and locations of source(s) and destination(s) and the presence, amount, frequency, and duration of occurrence.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Threat Action

Threat Action

Definition(s)

Threat Action

Assault on system security [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
System Software

System Software

Definition(s)

System Software

Special software designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system and associated programs and data [12]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Supervisory Control and Data Acquisition (SCADA) System

Supervisory Control and Data Acquisition (SCADA) System

Definition(s)

Supervisory Control and Data Acquisition (SCADA) System

Type of loosely coupled distributed monitoring and control system commonly associated with electric power transmission and distribution systems, oil and gas pipelines, and water and sewage systems.
  • NOTE: Supervisory control systems are also used within batch, continuous, and discrete manufacturing plants to centralize monitoring and control activities for these sites.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Spoof

Spoof

Definition(s)

Spoof

Pretending to be an authorized user and performing an unauthorized action [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Sniffing

Sniffing

Definition(s)

Sniffing

See “interception.Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Server

Server

Definition(s)

Server

Device or application that provides information or services to client applications and devices [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Sensors and Actuators

Sensors and Actuators

Definition(s)

Sensors and Actuators

Measuring or actuating elements connected to process equipment and to the control system.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Zone

Security Zone

Definition(s)

Security Zone

Grouping of logical or physical assets that share common security requirements.
  • NOTE: All unqualified uses of the word “zone” in this standard should be assumed to refer to a security zone.
  • NOTE: A zone has a clear border with other zones. The security policy of a zone is typically enforced by a combination of mechanisms both at the zone edge and within the zone. Zones can be hierarchical in the sense that they can be comprised of a collection of subzones
.Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Violation

Security Violation

Definition(s)

Security Violation

Act or event that disobeys or otherwise breaches security policy through an intrusion or the actions of a well-meaning insider.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Services

Security Services

Definition(s)

Security Services

Mechanisms used to provide confidentiality, data integrity, authentication, or no repudiation of information [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Program

Security Program

Definition(s)

Security Program

A combination of all aspects of managing security, ranging from the definition and communication of policies through implementation of best industry practices and ongoing operation and auditing.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Procedures

Security Procedures

Definition(s)

Security Procedures

Definitions of exactly how practices are implemented and executed.
  • NOTE: Security procedures are implemented through personnel training and actions using currently available and installed technology.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Performance

Security Performance

Definition(s)

Security Performance

Program’s compliance, completeness of measures to provide specific threat protection, post-compromise analysis, review of changing business requirements, new threat and vulnerability information, and periodic audit of control systems to ensure security measures remain effective and appropriate.
  • NOTE: Tests, audits, tools, measures, or other methods are required to evaluate security practice performance
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Perimeter

Security Perimeter

Definition(s)

Security Perimeter

Boundary (logical or physical) of the domain in which a security policy or security architecture applies, i.e., the boundary of the space in which security services protect system resources [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Objective

Security Objective

Definition(s)

Security Objective

Aspect of security which to achieve is the purpose and objective of using certain mitigation measures, such as confidentiality, integrity, availability, user authenticity, access authorization, accountability.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Level

Security Level

Definition(s)

Security Level

Level corresponding to the required effectiveness of countermeasures and inherent security properties of devices and systems for a zone or conduit based on assessment of risk for the zone or conduit [13]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Intrusion

Security Intrusion

Definition(s)

Security Intrusion

Security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Function

Security Function

Definition(s)

Security Function

Function of a zone or conduit to prevent unauthorized electronic intervention that can impact or influence the normal functioning of devices and systems within the zone or conduit.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Event

Security Event

Definition(s)

Security Event

Occurrence in a system that is relevant to the security of the system [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Control

Security Control

Definition(s)

Security Control

See “countermeasure.Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Components

Security Components

Definition(s)

Security Components

Assets such as firewalls, authentication modules, or encryption software used to improve the security performance of an industrial automation and control system (See “countermeasure”). Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Audit

Security Audit

Definition(s)

Security Audit

Independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures [7]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Architecture

Security Architecture

Definition(s)

Security Architecture

Plan and set of principles that describe the security services that a system is required to provide to meet the needs of its users, the system elements required to implement the services, and the performance levels required in the elements to deal with the threat environment [11].
  • NOTE: In this context, security architecture would be an architecture to protect the control network from intentional or unintentional security events.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security

Security

Definition(s)

Security

  1. measures taken to protect a system.
  2. condition of a system that results from the establishment and maintenance of measures to protect the system.
  3. condition of system resources being free from unauthorized access and from unauthorized or accidental change, destruction, or loss [11].
  4. capability of a computer-based system to provide adequate confidence that unauthorized persons and systems can neither modify the software and its data nor gain access to the system functions, and yet to ensure that this is not denied to authorized persons and systems [14].
  5. prevention of illegal or unwanted penetration of or interference with the proper and intended operation of an industrial automation and control system.
  • NOTE: Measures can be controls related to physical security (controlling physical access to computing assets) or logical security (capability to login to a given system and application.)
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Secret

Secret

Definition(s)

Secret

Condition of information being protected from being known by any system entities except those intended to know it [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Safety Network

Safety Network

Definition(s)

Safety Network

Network that connects safety-instrumented systems for the communication of safety-related information.

Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Router

Router

Definition(s)

Router

Gateway between two networks at OSI layer 3 and that relays and directs data packets through that internetwork. The most common form of router passes Internet Protocol (IP) packets [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Role-based Access Control

Role-based Access Control

Definition(s)

Role-based Access Control

Form of identity-based access control where the system entities that are identified and controlled are functional positions in an organization or process [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard