Definition(s)
Vulnerability
Flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s integrity or security policy [11].
Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Vulnerability
A weakness that can be exploited by a threat to gain access to an asset.
Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards
Vulnerability
A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4.
Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015. Global Standards
Vulnerability
An object, condition or circumstance with the potential for an adverse, harmful or damaging outcome.
Vulnerability is a general expression for more specific terms such as a hazard, effect, impact or threat related to activities, assets or projects.
Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global Standards
Vulnerability
Weakness of an asset or control that can be exploited by one or more threats.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards
Vulnerability
[Vulnerability shall be considered in the analysis and] is defined as any weakness that can be exploited by a threat in order to gain access to an asset and to succeed in a malevolent act against that asset. Vulnerability is determined by evaluating the inability to Deter, Detect, Delay, Respond to, and Recover from a threat in a manner sufficient to limit the likelihood of success of the threat, or to reduce the impacts of the event through such measures as interdiction, response, suppression of effects, emergency management, and resilience.
Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards
Vulnerability
A weakness that can be exploited by a threat to gain access to an asset, to include building characteristics, equipment properties, personnel behavior, locations of personnel, equipment, or operational and personnel practices.
Source: API STANDARD 780, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, First Edition, May 2013. Global Standards
Vulnerability
Weakness of an asset or control that can be exploited by a threat.
[ISO/IEC 27000:2009]
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards
Vulnerability
Physical feature or operational attribute that renders an entity, asset, system, network, or geographic area open to exploitation or susceptible to a given hazard
Sample Usage: Installation of vehicle barriers may remove a vulnerability related to attacks using vehicle-borne improvised explosive devices.
Extended Definition: characteristic of design, location, security posture, operation, or any combination thereof, that renders an entity, asset, system, network, or geographic area susceptible to disruption, destruction, or exploitation.
Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010. Regulatory Guidance
Vulnerability
Any weakness that can be exploited by an adversary to gain access or cause damage to an asset.
- Note: Vulnerabilities include asset characteristics, equipment properties, personnel behaviour, locations of people, equipment, buildings, and operational and personnel practices.
(Source: Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries)
Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009. Regional Standards
Vulnerability
Intrinsic properties of something resulting in susceptibility to a risk source (3.5.1.2) that can lead to an event with a consequence (3.6.1.3).
Source: ISO Guide 73:2009(E/F), Risk Management – Vocabulary, First Edition, 2009. Global Standards