Set of
provisions aimed at protecting against the possible risks to the information
system, in order to ensure its security objectives. These may be
measures of prevention, deterrence, protection, detection and
reaction, or recovery. [ENS:2010]
Actions, devices,
procedures, or techniques that meet or oppose (i.e., counters) a threat, a
vulnerability, or an attack by eliminating or preventing it, by minimizing the
harm it can cause, or by discovering and reporting it so that corrective action
can be taken.
NIST SP 800-53: Actions,
devices, procedures, techniques, or other measures that reduce the
vulnerability of an information system. Synonymous with security controls and
safeguards.
[CNSSI_4009:2010]
Can be
used to refer to some type of Control. The term Countermeasure is widely
used when referring to measures that increase the Resilience, Fault
Tolerance or Reliability of an IT Service. [ITIL:2007]
action, measure, or device
that reduces an identified risk
Annotation: A countermeasure
can reduce any component of risk - threat, vulnerability, or consequence.
DHS Risk Lexicon, September 2008
(I) An action, device,
procedure, or technique that meets or opposes (i.e., counters) a threat, a
vulnerability, or an attack by eliminating or preventing it, by minimizing the
harm it can cause, or by discovering and reporting it so that corrective action
can be taken. [RFC4949:2007]
Can be used to refer to any
type of Control. The term Countermeasure is most often used when referring to
measures that increase Resilience, Fault Tolerance or Reliability of an IT
Service. [ITIL:2007]
Action, device, procedure,
technique, or other measure that reduces the vulnerability of an information
system. [FIPS-200:2006]
Anything which effectively
negates or mitigates an adversary's ability to exploit vulnerabilities.
http://www.ioss.gov/docs/definitions.html
Any action, device,
procedure, technique, or other measure that mitigates risk by reducing the
vulnerability of, threat to, or impact on a system. [TDIR:2003]
a technical or non-technical
security measure which contributes to meeting the security objective(s) of a
Target of Evaluation. [ITSEM:1993]
Can refer to
any type of control. The term "Countermeasure" is often used
to refer to measures that increase the Resilience, Fault
Tolerance or Reliability of an IT service. [ITIL:2007]