To be in, or to put into,
doubt something that was previously clear and certain.
DRAE.
Diccionario de la Lengua Española.
To circumvent or
violate the security mechanisms or procedures
of a system, resource or asset, with the result that
they are left unprotected. [Ribagorda:1997]
1. Result of a failure to comply with, or a violation of, security
measures, as a result of which certain information has been left unprotected.
2. Document
in which a person acknowledges having been instructed in the security measures
in force and undertakes to apply them.
[CESID:1997]
To bring
somebody/something/yourself into danger or under suspicion, especially by
acting in a way that is not very sensible.
Oxford Advanced Learner's
Dictionary.
compromise of
security that leads to the accidental or unlawful destruction, loss,
alteration, unauthorized disclosure of, or access to protected data
transmitted, stored or otherwise processed [ISO-27050:2015]
Disclosure of information to
unauthorized persons, or a violation of the security policy of a system in
which unauthorized intentional or unintentional disclosure, modification,
destruction, or loss of an object may have occurred. [CNSSI_4009:2010]
(I) A security
violation in which a system resource is exposed, or is potentially exposed, to
unauthorized access. (Compare: data compromise, exposure, violation.)
[RFC4949:2007]
1. (I) A security incident
in which information is exposed to potential unauthorized access, such that
unauthorized disclosure, alteration, or use of the information might have
occurred. (Compare: security compromise, security incident.)
2. (O) /U.S. DoD/ A
"compromise" is a "communication or physical transfer of information
to an unauthorized recipient." [DoD5]
3. (O) /U.S. Government/
"Type of [security] incident where information is disclosed to
unauthorized individuals or a violation of the security policy of a system in
which unauthorized intentional or unintentional disclosure, modification,
destruction, or loss of an object may have occurred." [C4009]
[RFC4949:2007]
The unauthorized disclosure,
modification, substitution or use of sensitive data (e.g., keying material and
other security related information). [NIST-SP800-57:2007]
the unauthorised
disclosure, modification, substitution, or use of CSPs or the unauthorised
modification or substitution of PSPs.
CSP - critical security
parameter - security related information whose disclosure or modification can
compromise the security of a cryptographic module.
EXAMPLE: Secret and private
cryptographic keys, authentication data such as passwords, PINs, certificates
or other trust anchors.
NOTE. A CSP may be plaintext
or encrypted.
PSP - public security
parameter
security related public
information whose modification can compromise the security of a cryptographic
module.
EXAMPLE: Public
cryptographic keys, public key certificates, self-signed certificates, trust
anchors, and one time passwords associated with a counter.
[ISO-19790:2006]
Compromise
denotes a situation when -due to a breach of security or adverse activity (such
as espionage, acts of terrorism, sabotage or theft)- classified information has
lost its confidentiality, integrity or availability, or supporting services and
resources have lost their integrity or availability. This includes loss,
disclosure to unauthorised individuals (e.g. through espionage or to the media),
unauthorised modification, destruction in an unauthorised manner, or denial of
service.
the unauthorized disclosure,
modification, substitution, or use of sensitive data (including plaintext
cryptographic keys and other CSPs). [FIPS-140-2:2001]
Also referred to as “data
compromise,” or “data breach.” Intrusion into a computer system where
unauthorized disclosure/theft, modification, or destruction of cardholder data
is suspected.
https://www.pcisecuritystandards.org/security_standards/glossary.php
The unauthorized access to,
disclosure, destruction, removal, modification, use or interruption of assets
or information.
http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578
Also referred to as
“data compromise” or “data breach.”
Intrusion into a computer system where
unauthorized disclosure/theft, modification, or destruction of
cardholder data is suspected.
http://fr.pcisecuritystandards.org/