EN ISO 22300-2018 en Security and resilience - Vocabulary.pdf

1、BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Security and resilience Vocabulary (ISO 22300:2018)BS EN ISO 22300:2018EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO 22300 March 2018 ICS 01.040.03; 03.100.01 Supersedes EN ISO 22300:2014English Version Secur

2、ity and resilience - Vocabulary (ISO 22300:2018) Scurit et rsilience - Vocabulaire (ISO 22300:2018) Sicherheit und Resilienz - Terminologie (ISO 22300:2018) This European Standard was approved by CEN on 22 January 2018. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which

3、stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This Europ

4、ean Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are

5、 the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Rom

6、ania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exploitation in an

7、y form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 22300:2018 ENational forewordThis British Standard is the UK implementation of EN ISO 22300:2018. It is identical to ISO 22300:2018. It supersedes BS EN ISO 22300:2014, which is withdrawn.The UK participation in its

8、 preparation was entrusted to Technical Committee SSM/1, Societal security management.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for i

9、ts correct application. The British Standards Institution 2018 Published by BSI Standards Limited 2018ISBN 978 0 580 95688 1ICS 03.100.01; 01.040.03Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standard

10、s Policy and Strategy Committee on 31 March 2018.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS EN ISO 22300:2018EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO 22300 March 2018 ICS 01.040.03; 03.100.01 Supersedes EN ISO 22300:2014English Version Security

11、 and resilience - Vocabulary (ISO 22300:2018) Scurit et rsilience - Vocabulaire (ISO 22300:2018) Sicherheit und Resilienz - Terminologie (ISO 22300:2018) This European Standard was approved by CEN on 22 January 2018. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which sti

12、pulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European

13、 Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are th

14、e national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romani

15、a, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CEN All rights of exploitation in any f

16、orm and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 22300:2018 EBS EN ISO 22300:2018EN ISO 22300:2018 (E) 3 European foreword This document (EN ISO 22300:2018) has been prepared by Technical Committee ISO/TC 292 “Security and resilience” in collaboration with Technical

17、Committee CEN/TC 391 “Societal and citizen security” the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by September 2018, and conflicting national standards sha

18、ll be withdrawn at the latest by September 2018. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights. This document supersedes EN ISO 22300:2014. Accordin

19、g to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Gr

20、eece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO 22300:2018 has been approved by CEN as EN ISO 22300:

21、2018 without any modification. BS EN ISO 22300:2018ISO 22300:2018(E)Foreword iv1 Scope . 12 Normative references 13 Terms and definitions . 1Bibliography .35 ISO 2018 All rights reserved iiiContents PageBS EN ISO 22300:2018ISO 22300:2018(E)ForewordISO (the International Organization for Standardizat

22、ion) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be r

23、epresented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures used to d

24、evelop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the

25、ISO/IEC Directives, Part 2 (see www .iso .org/ directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified du

26、ring the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the

27、 voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www .iso .org/ iso/ forewor

28、d .html.This document was prepared by Technical Committee ISO/TC 292, Security and resilience.This second edition cancels and replaces the first edition (ISO 22300:2012), which has been technically revised.The main changes compared to the previous edition are that terms have been added from recent p

29、ublished documents and documents transferred to ISO/TC 292.iv ISO 2018 All rights reservedBS EN ISO 22300:2018INTERNATIONAL STANDARD ISO 22300:2018(E)Security and resilience Vocabulary1 ScopeThis document defines terms used in security and resilience standards.2 Normative referencesThere are no norm

30、ative references in this document.3 Terms and definitionsISO and IEC maintain terminological databases for use in standardization at the following addresses: IEC Electropedia: available at h t t p :/ www .electropedia .org/ ISO Online browsing platform: available at h t t p s :/ www .iso .org/ obp3.

31、1activityprocess (3.180) or set of processes undertaken by an organization (3.158) (or on its behalf) that produces or supports one or more products or services (3.181)EXAMPLE Accounts, call centre, IT, manufacture, distribution.3.2affected arealocation that has been impacted by a disaster (3.69)Not

32、e 1 to entry: The term is more relevant to immediate evacuations (3.80).3.3after-action reportdocument (3.71) which records, describes and analyses the exercise (3.83), drawing on debriefs and reports from observers (3.154), and derives lessons from itNote 1 to entry: The after-action report documen

33、ts the results from the after-action review (3.197).Note 2 to entry: An after-action report is also called a final exercise report.3.4alertpart of public warning (3.183) that captures attention of first responders and people at risk (3.166) in a developing emergency (3.77) situation3.5all clearmessa

34、ge or signal that the danger is over3.6all-hazardsnaturally occurring event (3.82), human induced event (both intentional and unintentional) and technology caused event with potential impact (3.107) on an organization (3.158), community (3.42) or society and the environment on which it depends ISO 2

35、018 All rights reserved 1BS EN ISO 22300:2018ISO 22300:2018(E)3.7alternate worksitework location, other than the primary location, to be used when the primary location is not accessible3.8appropriate law enforcement and other government officialsgovernment and law enforcement personnel (3.169) that

36、have specific legal jurisdiction over the international supply chain (3.127) or portions of it3.9area at risklocation that could be affected by a disaster (3.69)Note 1 to entry: The term is more relevant to preventative evacuations (3.80).3.10assetanything that has value to an organization (3.158)No

37、te 1 to entry: Assets include but are not limited to human, physical, information (3.116), intangible and environmental resources (3.193).3.11attacksuccessful or unsuccessful attempt(s) to circumvent an authentication solution (3.19), including attempts to imitate, produce or reproduce the authentic

38、ation elements (3.17)3.12attribute data management systemADMSsystem that stores, manages and controls access of data pertaining to objects (3.151)3.13auditsystematic, independent and documented process (3.180) for obtaining audit evidence and evaluating it objectively to determine the extent to whic

39、h the audit criteria are fulfilledNote 1 to entry: The fundamental elements of an audit include the determination of the conformity (3.45) of an object (3.151) according to a procedure (3.179) carried out by personnel (3.169) not being responsible for the object audited.Note 2 to entry: An audit can

40、 be an internal audit (first party) or an external audit (second party or third party), and it can be a combined audit or a joint audit.Note 3 to entry: Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization (3.158) itself for management (3.135) rev

41、iew (3.197) and other internal purposes, and can form the basis for an organizations declaration of conformity. Independence can be demonstrated by the freedom from responsibility for the activity (3.1) being audited.Note 4 to entry: External audits include those generally called second- and third-p

42、arty audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations such as those providing certification/registration of conformity

43、or government agencies.Note 5 to entry: When two or more management systems (3.137) are audited together, this is termed a combined audit.Note 6 to entry: When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.Note 7 to entry: “Audit evidence” and “

44、audit criteria” are defined in ISO 19011.Note 8 to entry: ISO 28000 specifies the requirements (3.190) for a security management (3.227) system.2 ISO 2018 All rights reservedBS EN ISO 22300:2018ISO 22300:2018(E)SOURCE: ISO 9000:2015, 3.13.1, modified Note 5 to entry has been replaced and Notes 6 to

45、8 to entry have been added.3.14auditorperson who conducts an audit (3.13)SOURCE: ISO 19011:2011, 3.83.15authentic material goodmaterial good (3.139) produced under the control of the legitimate manufacturer, originator of the goods (3.98) or rights holder (3.198)3.16authenticationprocess (3.180) of

46、corroborating an entity (3.79) or attributes with a specified or understood level of assurance3.17authentication elementtangible object (3.151), visual feature or information (3.116) associated with a material good (3.139) or its packaging that is used as part of an authentication solution (3.19)3.1

47、8authentication functionfunction performing authentication (3.16)3.19authentication solutioncomplete set of means and procedures (3.179) that allows the authentication (3.16) of a material good (3.139) to be performed3.20authentication toolset of hardware and/or software system(s) that is part of an

48、 anti-counterfeiting solution and is used to control the authentication element (3.17)3.21authoritative sourceofficial origination of an attribute which is also responsible for maintaining that attribute3.22authorized economic operatorparty involved in the international movement of goods (3.98) in w

49、hatever function that has been approved by or on behalf of a national customs administration as conforming to relevant supply chain (3.251) security standardsNote 1 to entry: “Authorized economic operator” is a term defined in the World Customs Organization (WCO) (3.277) Framework of Standards.Note 2 to entry: Authorized economic operators include, among others, manufacturers, importers, exporters, brokers, carriers, consolidators, intermediaries, ports, airports, terminal operators, integrated operators, warehouses and distributors.3.23a