Definitions[edit | edit source]

Computer security[edit | edit source]

Compromise is

the disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.[1]
the unauthorized disclosure, modification, substitution, or use of sensitive data (e.g., keys, metadata, or other security-related information) or the unauthorized modification of a security-related system, device or process in order to gain unauthorized access.[2]

Compromise is

General[edit | edit source]

Compromise is a

[t]ype of incident where information is disclosed to unauthorized individuals or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.[5]

Intelligence[edit | edit source]

Compromise is

[t]he known or suspected exposure of clandestine personnel, installations, or other assets or of classified information or material, to an unauthorized person.[6]

National security[edit | edit source]

Compromise is

[a]ny occurrence which results or can result in unauthorized persons gaining access to national security information.[7]
[t]he disclosure or release of classified information to unauthorized person(s).[8]

Power grid[edit | edit source]

Compromise is

[t]he misuse or unauthorized modification of a Cyber Asset or supporting system.[9]

Security[edit | edit source]

Compromise is

[a] security violation that has resulted in confirmed or suspected exposure of classified/ sensitive information to an unauthorized person.[10]
disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred.[11]

Overview (Computer security)[edit | edit source]

Out-of-date software, unsafe web browsing habits, or lack of appropriate anti-virus systems can all lead to the compromise of computer systems. Criminals and other adversaries often exploit weak identity solutions for individuals, websites, email, and the infrastructure that the Internet utilizes.

The collection of identity-related information across multiple service providers and user accounts, coupled with the sharing of personal information through the growth of social media, increases opportunities for data compromise. For example, personal data used to recover lost passwords (e.g., mother’s maiden name, the name of your first pet, etc.) is often publicly available.

In some cases, service providers have met consumer demand for online services, but they have provided inadequate identity assurances. Service providers have also deemed some highly desirable services that could provide further efficiencies and cost savings too risky to conduct online.

References[edit | edit source]

See also[edit | edit source]

Community content is available under CC-BY-SA unless otherwise noted.