Risk

From CIPedia
Jump to navigation Jump to search

Contents

Definitions

European Definitions

Council of Europe

Risk is the estimated probability that damage will occur to life, property, or the environment if a specified dangerous event occurs. [1]



European Commission

Risk means any circumstance or event having a potential adverse effect on the resilience of critical entities. [2]


The possibility of loss, damage or injury having regard to the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and the likelihood that a specific vulnerability will be exploited by a particular threat. [3]


The probability of adverse effects caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system. [4]


Risk means any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems. [5]


ENISA

Risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization (derived from ISO/IEC PDTR 13335-1). [6]



CLIMATE-ADAPT

Risk is the combination of the probability of an event and its negative consequences. [7]

Comment: This definition closely follows the definition of the ISO/IEC Guide 73. The word "risk" has two distinctive connotations: in popular usage the emphasis is usually placed on the concept of chance or possibility, such as in "the risk of an accident"; whereas in technical settings the emphasis is usually placed on the consequences, in terms of "potential losses" for some particular cause, place and period. It can be noted that people do not necessarily share the same perceptions of the significance and underlying causes of different risks.

European Project Definitions

CIPRNet project

The CIPRNet project [8] uses the following definition:

Risk is the effect of uncertainty on objectives.


International Definitions

CARICOM

The combination of the probability of an event and its negative consequences. [9]


IAEA

Risk is the potential that a given threat will exploit the vulnerabilities of an asset, or group of assets, and thereby cause harm to the organization. [10]

Risk is measured in terms of a combination of the [likelihood]] of an event and the severity of its consequences.

NATO CEP / EAPC

The possibility of loss, damage or injury. [11]

The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.

OECD

“Digital security risk” describes a category of risk related to the use, development and management of the digital environment in the course of any activity. [12]

This risk can result from the combination of threats and vulnerabilities in the digital environment. It can undermine the achievement of economic and social objectives by disrupting the confidentiality, integrity and availability of the activities and/or the environment. Digital security risk is dynamic in nature. It includes aspects related to the digital and physical environments, the people involved in the activity and the organisational processes supporting it.

UNDRR

Risk is the combination of the probability of an event and its negative consequences. [13]


Risque: La combinaison de la probabilité d’un événement et de ses conséquences negatives. [14]


Риск: Сочетание вероятности события и его негативных последствий [15]


Riesgo: La combinación de la probabilidad de que se produzca un evento y sus consecuencias negativas. [16]


مخاطرة )وجمعها مخاطر( : حصيلة احتمالية وقوع الحدث والعواقب السلبية المصاحبة له. [17]


Risiko: Gabungan antara kemungkinan terjadinya suatu peristiwa dan dampak-dampak negatif yang ditimbulkannya. [18]


Peligro: Isang mapanganib na kaganapan, substansya, aktibidad ng tao, o kondisyon na maaaring kumitil ng buhay, puminsala sa katawan at kalusugan, sumira ng ariarian, magwasak ng kabuhayan at mga serbisyo, bumulabog ng lipunan at ekonomya at magwasak ng kapaligiran. [19]


Peligro: Ang probabilidad ng isang pangyayari at ang negatibong mga epekto nito. [20]


[21] خطرپذيري
تركيب و آميزه اي از احتمال يك رخداد و پيامدهاي منفي آن



UNDHA

Risk: Expected losses (of lives, persons injured, property damaged, and economic activity disrupted) due to a particular hazard for a given area and reference period. [22]

Based on mathematical calculations, risk is the product of hazard and vulnerability.

Riesgo: Cálculo matemático de pérdidas (de vidas, personas heridas, propiedad dañada y actividad económica detenida) durante un periodo de referencia en una región dada para un peligro en particular. [22]


Risque: Espérance mathématique de pertes en vies humaines, blessés, dommages aux biens et atteinte à l'activité économique au cours d'une période de référence et dans une région donnée, pour un aléa particulier. [22]



Intergovernmental Panel on Climate Change (IPCC)

The potential for consequences where something of value is at stake and where the outcome is uncertain, recognizing the diversity of values. Risk is often represented as probability of occurrence of hazardous events multiplied by the impacts if these events or trends occur. Risk results from the interaction of vulnerability, exposure, and hazard. [23]


National Definitions

Argentina

Riesgo: Combinación de la probabilidad de ocurrencia de un evento y sus consecuencias o impacto. [24]



Australia

The chance of something happening that will have an impact on objectives. It is measured in terms if likelihood and consequence. [25]

[26] provides three other Australian definitions of risk.

Austria

Risiko: alle mit vernünftigem Aufwand feststellbaren Umstände oder Ereignisse, die potenziell nachteilige Auswirkungen auf die Sicherheit von Netz- und Informationssystemen haben. [27]



Belgium

(cyber) Risico: elke redelijkerwijs vast te stellen omstandigheid of gebeurtenis met een mogelijk schadelijk effect op de beveiliging van netwerk- en informatiesystemen. [28]

Risque: toute circonstance ou tout événement raisonnablement identifiable ayant un impact négatif potentiel sur la sécurité des réseaux et des systèmes d'information. [29]

Risiko: alle mit vernünftigem Aufwand feststellbaren Umstände oder Ereignisse, die potenziell nachteilige Auswirkungen auf die Sicherheit von Netz- und Informationssystemen haben. [30]


Risico is de combinatie van de kans op het voorkomen van een bepaalde gebeurtenis en de bijhorende gevolgen. [31]



Bermuda

Risk: potential that a given cyber-threat will exploit the vulnerabilities of an information system to cause harm. [32]


Bosnia and Herzegovina

Rizik je kombinacija posledica nekog događaja opasnosti) i pripadajućih faktora/ vjerovatnoće njenog nastanka. (ISO 31010) [33]



Brazil

Risco: efeito da incerteza nos objetivos. [34]
Risk is the uncertainty effect on goals.


Risco:
1. Medida de dano potencial ou prejuízo econômico expressa em termos de probabilidade estatística de ocorrência e de intensidade ou grandeza das conseqüências previsíveis.
2. Probabilidade de ocorrência de um acidente ou evento adverso, relacionado com a intensidade dos danos ou perdas, resultantes dos mesmos.
3. Probabilidade de danos potenciais dentro de um período especificado de tempo e/ou de ciclos operacionais.
4. Fatores estabelecidos, mediante estudos sistematizados, que envolvem uma probabilidade significativa de ocorrência de um acidente ou desastre.
5. Relação existente entre a probabilidade de que uma ameaça de evento adverso ou acidente determinado se concretize e o grau de vulnerabilidade do sistema receptor a seus efeitos. [35]

Risk:
1. Measure of potential damage or economic loss expressed in terms of statistical probability of occurrence and intensity or magnitude of foreseeable consequences.
2. Likelihood of an accident or adverse event, related to the intensity of the damages or losses, resulting from them.
3. Probability of potential damages within a specified period of time and / or operating cycles.
4. Factors established through systematized studies that involve a significant probability of an accident or disaster occurring.
5. Existing relationship between the likelihood that a threat of an adverse event or a particular accident will materialize and the degree of vulnerability of the system Receiver to its effects.



Bulgaria

ǸǰǹDz“ ǶǯǵǨǿǨǪǨ ǸǨǯǻǴǵǶ ǻǹǺǨǵǶǪǰǴǶ ǶǩǹǺǶȇǺǭdzǹǺǪǶ ǰdzǰ ǹȂǩǰǺǰǭ, DzǶǭǺǶ ǴǶǮǭ ǬǨ ǰǴǨ ǵǭǩdzǨǫǶǷǸǰȇǺǵǶ ǪȂǯǬǭDZǹǺǪǰǭ ǪȂǸǽǻ ǹǰǫǻǸǵǶǹǺǺǨ ǵǨ ǴǸǭǮǰǺǭ ǰ ǰǵǼǶǸǴǨǾǰǶǵǵǰǺǭ ǹǰǹǺǭǴǰ. [36]



Burkina-Faso

Risque: Combinaison de la probabilité de l’occurrence d’un événement et ses conséquences. (from: ISO/IEC 27002:2005) [37]



Canada

Risk is the combination of the likelihood and the consequence of a specified hazard being realized.

Risqué: combinaison de la possibilité qu’un aléa donné se produise et des conséquences potentielles pouvant y être associées. [38] [39]

Risk refers to the vulnerability, proximity or exposure to hazards, which affects the likelihood of adverse impact.

Risque: combinaison de la conséquence d’un accident et de sa fréquence d’occurrence. [40]



Cape Verde

Risco: Combinação da probabilidade de um evento e as suas consequências negativas. [41]

O risco é o resultado do impacto específico de um perigo nas condições pré-existentes de vulnerabilidade. A palavra risco tem duas conotações distintas: no uso popular, a ênfase é geralmente colocada sobre o conceito de oportunidade ou possibilidade, como em “o risco de um acidente”; enquanto em configurações técnicas a ênfase é geralmente colocada sobre as consequências, em termos de “perdas potenciais” para alguma causa, local e período particular. Pode-se notar que as pessoas não necessariamente compartilham as mesmas percepções sobre o significado e as causas subjacentes a diferentes riscos.

Chile

Riesgo: Se define como el número de pérdidas humanas, heridos, daños a las propiedades y efectos sobre la actividad económica debido a la ocurrencia de un desastre, es decir el producto del riesgo específico, y los elementos en riesgo. [42]



Colombia

Riesgo:
(1) Algo que podría suceder y afectar el logro de los objetivos organizacionales (GTC 176).
(2) Efecto de la incertidumbre sobre los objetivos (GTC137 2011).
(3) Posibilidad de que suceda algún evento que tendrá un impacto sobre los objetivos institucionales o del proceso. (Guía de Admón. de Riesgos DAFP Septiembre 2011). [43]


Costa Rica

Riesgo: Medida del grado en el que una entidad se ve amenazada por una circunstancia o evento potencial y típicamente una función de los impactos adversos que surgirían si ocurriera la circunstancia o el evento; y la probabilidad de que ocurra. [44]


Croatia

Rizik: znaĀi bilo koja razumno prepoznatljiva okolnost ili događaj koji ima potencijalan negativni uĀinak na sigurnost mrežnih i informacijskih sustava. [45]



Cuba

Riesgo Posibilidad: de que una amenaza concreta pueda explotar una vulnerabilidad para causar una pérdida o daño en un activo de información. Suele considerarse como una combinación de la probabilidad de un evento y sus consecuencias. [46]


Cyprus

Κίνδυνος: κάθε εύλογα διαπιστώσιμη περίσταση ή γεγονός με δυνητική δυσμενή επίπτωση στην ασφάλεια συστημάτων δικτύου και πληροφοριών. [47]



Czech Republic

Riziko: (1) Nebezpečí, možnost škody, ztráty, nezdaru. (2) Účinek nejistoty na dosažení cílů. (3) Možnost, že určitá hrozba využije zranitelnosti aktiva nebo skupiny aktiv a způsobí organizaci škodu. [48]

Risk is either defined as: (1) Danger, possibility of damage, loss, failure. (2) Effect of uncertainty to achieve objectives. (3) Possibility that a certain threat would utilize vulnerability of an asset or group of assets and cause damage to an organization. [49]


Rizikem: jakákoli v pňimĎňenĎ rozpoznatelná okolnost nebo událost, která by mohla mít negativní dopad na bezpeĀnost sítí a informaĀních systémů. [50]



Denmark

Risiko: enhver rimeligt identificerbar omstændighed eller begivenhed, der har en potentiel negativ indvirkning på sikkerheden i net- og informationssystemer. [51]



Risiko er en potentiel hændelse (såsom brand, sammenstyrtning og udslip) eller kombination af en potentiel hændelse og et objekt (såsom forsamlingslokale, beboelsesejendom, lagerhal, motorvej og festival), som kan føre til skader på personer, ejendom eller miljø. [52]



El Salvador

Riesgo: Es la probabilidad que se presente un nivel de consecuencias económicas, sociales o ambientales en un sitio particular y durante un período de tiempo definido. Se obtiene de relacionar la amenaza con la vulnerabilidad de los elementos expuestos. [53]



Estonia

Risk: mõistlikult tuvastatav asjaolu või sündmus, mis võib kahjustada võrgu- ja infosüsteemide turvalisust;. [54]


Eswatini

Risk: The potential that a given cyber threat will exploit the vulnerabilities of an information system and cause harm. [55]


Finland

Riski: kielteisen seikan tai tapahtuman todennäköisyyden ja vaikutusten yhdistelmä.

Risk is the combination of probability and consequences of a negative circumstance or event. -unofficial translation- [56]


Riskillä: mitä tahansa kohtuullisesti tunnistettavissa olevaa tilannetta tai tapahtumaa, joka saattaa vaikuttaa haitallisesti verkko- ja tietojärjestelmien turvallisuuteen. [57]



France

Risque: toute circonstance ou tout événement raisonnablement identifiable ayant un impact négatif potentiel sur la sécurité des réseaux et des systèmes d'information;. [58]



Gambia

Risk: Effect of uncertainty on objectives. [59]

These Objectives can have different aspects (such as financial, health and safety, information security, andenvironmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process). Risk should becharacterized by reference to potential events and consequences, or a combination of these, and expressed in terms of a combination of the consequences of an information security event and the associated likelihood.

Germany

Likelihood of a serious danger which (a) constitutes a threat to human life, (b) will impair the health of a large number of people, or (c) affects economic activity, public services and technical infrastructures and may cause damage to the environment, in particular animals and plants, the soil, the water, the atmosphere and cultural and material assets. [60]


Risiko: alle mit vernünftigem Aufwand feststellbaren Umstände oder Ereignisse, die potenziell nachteilige Auswirkungen auf die Sicherheit von Netz- und Informationssystemen haben. [61]


Risiko: Maß für die Wahrscheinlichkeit des Eintritts eines bestimmten Schadens an einem Schutzgut unter Berücksichtigung des potenziellen Schadensausmaßes. [62]


Risiko ist ein mögliches Event, das zu einem Schaden oder Verlust führen oder das Erreichen von Zielen beeinträchtigen könnte. [63]


Risiko wird häufig definiert als die Kombination (also dem Produkt) aus der Häufigkeit, mit der ein Schaden auftritt und dem Ausmaß dieses Schadens. Der Schaden wird häufig als Differenz zwischen einem geplanten und ungeplanten Ergebnis dargestellt. Risiko ist eine spezielle Form der Unsicherheit oder besser Unwägbarkeit. [64]



Greece

Κίνδυνος νοείται η πιθανότητα εκδήλωσης ενός φυσικού φαινομένου ή τεχνολογικού συμβάντος ή και λοιπών καταστροφών σε συνδυασμό με την ένταση των καταστροφών, που μπορεί να προκληθούν στους πολίτες, στα αγαθά, στις πλουτοπαραγωγικές πηγές και στις υποδομές μιας περιοχής.

(Risk is the combination of the occurrence likelihood of a natural hazard or a technological event or other disasters and the severity of the damages that can be caused to citizens, to assets, to productive sources and to infrastructures of a region) [65]


Κίνδυνος: κάθε εύλογα διαπιστώσιμη περίσταση ή γεγονός με δυνητική δυσμενή επίπτωση στην ασφάλεια συστημάτων δικτύου και πληροφοριών. [66]



Guatemala

Riesgo: El riesgo está asociado con el potencial que las amenazas explotarán vulnerabilidades de un activo de información o grupo de activos de información causando daños a una organización. Fuente: ISO Guide 73:2009 [67]


Riesgo: Probabilidad de la presencia o manifestación de evento natural o antropogénico, de orden político, económico, social, sanitario o ambiental que afecte negativamente la Seguridad de la Nación, provocando pérdidas físicas, socioeconómicas y ambientales como efecto de la sinergia o complementariedad de una amenaza y una vulnerabilidad. [68]



Haiti

Risque: probabilité d'occurrence d'un événement avec des conséquences négatives potentielles qui peuvent affecter les biens ou les intérêts de la nation. [69]

Généralement, c’est un incertain et difficile à résoudre et de nature complexe, et ayant parfois dans certains cas des causes multiples qui mettent éventuellement en danger l'intégrité d'un pays dans un ou plusieurs aspects de la vie nationale.

Hungary

Kockázat: minden olyan észszerűen azonosítható körülmény vagy esemény, amely kedvezőtlen hatást gyakorolhat a hálózati és információs rendszerek biztonságára. [70]



India

Risk is the potential of damage to a system or associated assets that exists as a result of the combination of security threat and vulnerability. [71]


Risk: The combination of the probability of an event and its negative consequences. [72]



Ireland

Risk is the combination of the likelihood of a hazardous event and its potential impact. [73]


Risk means any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems. [74]



Italy

Rischio: ogni circostanza o evento ragionevolmente individuabile con potenziali effetti pregiudizievoli per la sicurezza della rete e dei sistemi informativi. [75]


Rischio: Sebbene spesso impiegato come sinonimo di pericolo e minaccia, il termine indica un danno potenziale per la sicurezza nazionale che deriva da un evento (tanto intenzionale che accidentale) riconducibile ad una minaccia e dalla sua interazione con le vulnerabilità del sistema-Paese o di suoi settori ed articolazioni. [76]

Minacce, vulnerabilità ed impatto costituiscono, quindi, le variabili principali in funzione delle quali viene valutata l’esistenza di un rischio ed il relativo livello ai fini della sua gestione, ossia dell’adozione delle necessarie contromisure (tanto preventive che reattive).

Rischio: Il rischio può essere definito come il valore atteso di perdite (vite umane, feriti, danni alle proprietà e alle attività economiche) dovute al verificarsi di un evento di una data intensità, in una particolare area, in un determinato periodo di tempo. [77]


Rischio: impatto negativo complessivo di un evento, che include sia la probabilità che le conseguenze dell’evento. Nel caso di infrastrutture critiche informatizzate, il rischio sussiste sia a livello fisico che a livello informatico con influenza reciproca dei due settori. [78]


Rischio - Possibilità che si verichi un fatto negativo, un danno, che qualcosa non abbia l'esito voluto. Pericolo, repentaglio. [79]

Nella matematica attuariale, scarto tra la possibilità di verificarsi di un certo evento e la frequenza con cui l'evento si verifica. Rischio (R): è il valore atteso delle perdite umane, dei feriti, dei danni alle proprietà e delle perturbazioni alle attività economiche dovuti al verificarsi di un particolare fenomeno di una data intensità. Il rischio totale è associato ad un particolare elemento a rischio E e ad una data intensità I è il prodotto: R(E;I) = H(I) V (I;E) W (E). Gli eventi che determinano i rischi si suddividono in prevedibili (idrogeologico, vulcanico) e non prevedibili (sismico, chimico industriale, incendi boschivi).

Japan

リスク: 特定の脅威が特定の脆弱性を攻略し、特定の有害な結果をもたらす確率として表明される損失の期待値.

(Cyber) Risk is an expectation of loss expressed as the probability that a articular threat will exploit a particular vulnerability with a articular harmful result. [80]


リスク : 発生しうる状況またはイベントによって、あるものが脅かされる程度 の尺度であり、通常、
(i) 当該の状況またはイベントが発生した場合 にもたらされると考えられる悪影響と、
(ii) 発生の可能性との計算式 (関数)によって求められる。 [81]

Risk: A measure of the extent to which things are threatened, depending on the circumstances or events that can occur, and usually is:
(i) the adverse effects that are likely to result if the situation or event occurred,
(ii) the probability of occurrence.


(States of) Jersey

Risk: the combination of the probability of an event and its negative consequences. [82]



Kingdom of Saudi Arabia

Risk: A measure of the extent to which an organization is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. [83]

(NISTIR 7298r2 Glossary of Key Information Security Terms)

Kiribati

Kanganga: Baika a kona n riki imwiin ana mwakuri te angbuaka n te aro are e kona n iai ana urubwai ke akeaBaika aika a kona n riki ae kona n iai ana urubai nakon baai ke akea. [84]

Risk: The chance of something happening that will have a negative or positive impact on goals.


Latvia

Risks: ir jebkāds racionāli identificĆjams apstāklis vai notikums, kas var nelabvĆlĞgi ietekmĆt tĞklu un informācijas sistĆmu droŐĞbu. [85]



Lithuania

Rizika – pagrĢstai nustatoma aplinkybĊ ar Ģvykis, galintis turĊti neigiamą poveikĢ tinklų ir informacinių sistemų saugumui. [86]



Luxembourg

Risque: toute circonstance ou tout événement raisonnablement identifiable ayant un impact négatif potentiel sur la sécurité des réseaux et des systèmes d'information. [87]


Risque: Effet de l’incertitude sur l’atteinte des objectifs. [88]



Malta

Riskju: tfisser kwalunkwe ċirkostanza jew avveniment raġonevolment identifikabbli li jista' jkollu effett negattiv fuq is-sigurtà tan-netwerks u tas-sistemi tal-informazzjoni. [89]



Mexico

Riesgo: Situación que puede conducir a una consecuencia negativa no deseada. [90]


Riesgo: ​La posibilidad de que una amenaza aproveche una vulnerabilidad y cause una pérdida o daño sobre los activos de TIC, las infraestructuras críticas o los activos de información. [91]



Nepal

Risk: The combination of the probability of an event and its negative consequences. [92]



Netherlands

Risk is the annual loss expectancy (ALE) by the manifestation of threats.

Risico is de jaarlijks te verwachten schade door het manifesteren van bedreigingen. [93]


Risico: elke redelijkerwijs vast te stellen omstandigheid of gebeurtenis met een mogelijk schadelijk effect op de beveiliging van netwerk- en informatiesystemen. [94]


[Dutch] Risico: De vermenigvuldiging van de kans op het ontstaan van brand en het effect daarvan. [95]


[HEALTH sector]
Risico: Een functie van de mogelijkheid op een ongewenst effect en de grootte van dat effect, voortvloeiend uit geva(a)r(en).

Risk: a function of the probability of an adverse effect and the magnitude of that effect, consequential to hazard(s). [96]



Norway

Risiko handler alltid om hva som kan skje i framtida og er derfor forbundet med usikkerhet. Usikkerheten knitter seg til om en bestemt uønsket hendelse vil inntreffe og hva konsekvensene av denne hendelsen vil bli. [97]

Risk is always about what might happen in the future, and therefore there is always a degree of uncertainty associated with it. The uncertainty is related to whether a specific adverse event will occur and to the consequences the event will have. [98]



Oman

Risk is the product of the level of threat with the level of vulnerability. [99]

Risk establishes the likelihood of a successful attack.

Poland

Ryzyko – kombinacja prawdopodobieństwa wystąpienia zdarzenia niepożądanego i jego konsekwencji. [100]


Ryzyko: oznacza każdą dającą się racjonalnie określić okoliczność lub zdarzenie, które ma potencjalny niekorzystny wpływ na bezpieczeństwo sieci i systemów informatycz nych. [101] [102]



Portugal

Risco: uma circunstância ou um evento, razoavelmente identificáveis, com um efeito adverso potencial na segurança das redes e dos sistemas de informação. [103]



Risco: Possibilidade de uma ameaça específica explorar as vulnerabilidades internas e externas de uma organização ou de um dos sistemas por ela utilizados, causando assim danos à organização e respetivos ativos corpóreos ou incorpóreos. [104]



Republic of Trinidad & Tobago

The combination of the probability of an event and its negative consequences. [105]


Romania

Risc: înseamnă orice circumstanță sau eveniment ce poate fi identificat în mod rezonabil care are un efect potențial negativ asupra securității rețelelor și a sistemelor informatice. [106]


Risc: Estimarea matematică a pierderilor umane şi materiale, pe o perioadă de referinţă şi într-o zonă dată, cauzate de un dezastru; probabilitatea de a avea de înfruntat un pericol, un necaz, de a ajunge într-o primejdie sau de a avea de înfruntat sau de suportat o pagubă; potenţial pericol. [107]


Risc (în sens larg): posibilitatea de a se expune primejdiei, de a avea de înfruntat un necaz sau de suportat o pagubă.

Risc (în sens restrâns): probabilitatea şi proporţiile unor pagube potenţiale [108]



Saint Lucia

Risk: The probability of harmful consequences, or expected losses (deaths, injuries, property, livelihoods, economic activity disrupted or environment damaged) resulting from interactions between natural or human-induced hazards and vulnerable conditions. [109]


Risk: A measure of the expected losses due to a hazard event of a particular magnitude occurring in a given area over a specific time period. [110]



Senegal

Risques: sont les conséquences d'une atteinte aux données, sans atteinte au système d'information et/ou les conséquences d'une atteinte au système d'information. [111]



Serbia

ризик значи могућност нарушавања информационе безбедности, односно могућност нарушавања тајности, интегритета, расположивости, аутентичности или непорецивости података или нарушавања исправног. [112]



Singapore

Risk: In the Singapore Government context, risk is defined as the effect of uncertainty on objectives. [113]



Slovakia

Riziko: je kaŬdá primerane rozpoznateľná okolnosť alebo udalosť, ktorá môŬe mať nepriaznivý vplyv na bezpeĀnosť sietí a informaĀných systémov. [114]


Riziko: Potenciálna možnosť narušenia bezpečnosti systému, objektu alebo procesu. Je to pravdepodobnosť vzniku krízového javu a jeho dôsledku. [115]



Slovenia

Tveganje: pomeni vsako razumno doloĀljivo okoliŐĀino ali dogodek, ki ima lahko negativen uĀinek na varnost omreŬja in informacijskih sistemov. [116]



South Africa

Risk is usually associated with the human inability to cope with a particular situation. In terms of disaster management it can be defined as the probability of harmful consequences, or expected losses death, injury, damage to property and the environment, jobs, disruption of economic activity or social systems. [117]

Hazards will affect communities differently in terms of ability and resources with which to cope. Poorer communities will be more at risk than others.

Spain

Riesgo: toda circunstancia o hecho razonablemente identificable que tenga un posible efecto adverso en la seguridad de las redes y sistemas de información. [118]


Riesgo (peligro): Factor o exposición que puede influir sobre la salud de forma adversa. [119]


Riesgo (probabilidad): Probabilidad de que ocurra un hecho, por ejemplo, que in individuo enferme o fallezca, dentro de un periodo de tiempo o edad determinados. [120]


Riesgo: contingencia o proximidad de un daño. [121]


Sweden

Risk: en rimligen identifierbar omständighet eller händelse med en potentiell negativ inverkan på säkerheten i nätverks- och informationssystem. [122]



Switzerland

Das Risiko ist ein Mass für die Grösse einer Gefährdung und beinhaltet die Eintrittswahrscheinlichkeit und das Schadensausmass eines unerwünschten Ereignisses. [123]

Le « risque » permet de déterminer l’étendue d’une mise en danger et englobe la fréquence ou probabilité et l’ampleur des dommages d’un [[Incident}événement]] indésirable. [124]

Il rischio è un metro di misura per le dimensioni di una minaccia e implica la frequenza o la probabilità d’insorgenza e l'entità dei danni di un evento indesiderato. [125]

Der Begriff Risiko dient beim Schutz kritischer Infrastrukturen als Modell sowohl zur Beurteilung von Sicherheitsfragen als auch zum Vergleich verschiedener Gefährdungen anhand gleicher Kriterien. Das Risikomodell beruht grundsätzlich auf zwei Faktoren:

  • Eintrittswahrscheinlichkeit eines Ereignisses;
  • Schadensausmass an Bevölkerung und deren Lebensgrundlagen.

Risiken lassen sich demzufolge als Produkt darstellen, das durch die Eintrittswahrscheinlichkeit eines Ereignisses und dessen Schadensausmasses bestimmt ist.

Tanzania

Risk: is the probability of harmful consequences or expected losses (deaths, injuries, property, livelihoods, economic activity disrupted or environment damaged) resulting from interactions between natural or human-induced hazards and vulnerable conditions. [126]



Türkiye

Tehditlerin bir veya birden çok bilgi varlığındaki açıklığı kullanarak zarar yaratma potansiyelini. [127]

Risk: The potential risk of causing damage by using vulnerabilities in one or more information entities. [128]



United Arab Emirates

Risk: The effect of uncertainty on objectives. It includes both positive and negative impacts on objectives. [129]



United Kingdom (UK)

(cyber) Risk is the potential that a given cyber threat will exploit the vulnerabilities of an information system and cause harm. [130]


Risk is a measure of the significance of a potential emergency in terms of its assessed likelihood and impact. [131]


Risk combines the chance that an event will occur with how large its impact could be, in social, economic or environmental terms. [132]

For example: the costs of damage, number of people affected or areas of land affected by a specific climate effect.

Risk means any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems. [133]



United States

DHS
The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. [134]
NIST
The level of impact on organizational operations (including mission,functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [135]


Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. [136]



Standard Definitions

IETF

An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. [137]


ISO/IEC 27000:2014

Effect of uncertainty on objectives. [138] (based on the ISO Guide 73:2009[139])
  • An effect is a deviation from the expected — positive or negative.
  • Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its consequence, or likelihood.
  • Risk is often characterized by reference to potential events and consequences, or a combination of these.
  • Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
  • In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
  • Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.


ISO/IEC 31000:2009

Risk: Effect of uncertainty on objectives. [140] [141]


Other Definitions

CRID

Riesgo: probabilidad de que un evento ocurra. [142]

Cálculo matemático de pérdidas (de vidas, personas heridas, propiedad dañada y actividad económica detenida) durante un período de referencia en una región dada para un peligro en particular. Riesgo es el producto de la amenaza y la vulnerabilidad/ CRID Centro Regional de Información sobre Desastres, América Latina y el Caribe. Lista de términos.]

EM-DAT

Risk is the expected losses (of lives, persons injured, property damaged and economic activity disrupted) due to a particular hazard for a given area and reference period. Based on mathematical calculations, risk is the product of hazard and vulnerability. [143]



Ontario (Canada)

Risk is the product of the probability of the occurrence of a hazard and its consequences. [144]


Risque: produit de la probabilité qu’un danger se produise et de ses conséquences. [144]


OWASP

Risk is the possibility of a negative or undesirable occurance. [145]

There are two independent parts of risk: Impact and Likelihood. To reduce risk, one can reduce the impact, reduce the likelihood, or both. Risk can also be accepted (meaning that the full impact of the negative outcome will be borne by the entity at risk). The impact and likelihood of a risk are usually combined to create an estimate of its Severity.

Dictionary

Risico: Kans op schade of verlies in een computersysteem, gecombineerd met de gevolgen die deze schade heeft voor de organisatie. Een voorbeeld van schade kan bijvoorbeeld zijn dat mensen informatie zien die ze niet hadden mogen zien. Of dat men niet meer zeker weet of gegevens nog kloppen. Bij gevolgen voor de organisatie kan men denken aan financiële schade of het verlies van de goede naam van de organisatie. [146]



See also

Notes

References

  1. GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001)
  2. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the resilience of critical entities COM/2020/829 final
  3. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
  4. European Commission's CBRN Glossary, 2012
  5. DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
  6. ENISA Risk Glossary
  7. European Climate Adaptation Platform (CLIMATE-ADAPT) Glossary
  8. http://www.ciprnet.eu/
  9. Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
  10. IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
  11. NATO EAPC(SCEPC) lexicon 2003.
  12. Digital Security Risk Management for Economic and Social Prosperity
  13. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
  14. UNISDR glossary
  15. UNISDR glossary
  16. UNISDR glossary
  17. UNISDR glossary
  18. UNISDR glossary in Bahasa
  19. UNISDR glossary in Tagalog
  20. UNISDR glossary in Tagalog
  21. Internationally agreed glossary of basic terms related to Disaster Management in Farsi
  22. 22.0 22.1 22.2 Internationally agreed glossary of basic terms related to Disaster Management
  23. Mach, K.J., S. Planton and C. von Stechow (eds.). Climate Change 2014: Synthesis Report. Contribution of Working Groups I, II and III to the Fifth Assessment Report of the Intergovernmental Panel on Climate Change. Annex II: Glossary. [Core Writing Team, R.K. Pachauri and L.A. Meyer (eds.)]. IPCC, Geneva, Switzerland, pp. 117-130.
  24. Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
  25. Glossary of the Government of Queensland
  26. Australian Emergency Management Glossary, Emergency Management Australia (1998)
  27. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DE
  28. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - NL
  29. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
  30. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DE
  31. Actualisatie en verfijning klimaatscenario’s tot 2100 voor Vlaanderen, MIRA/2015/01, januari 2015
  32. Bermuda Cybersecurity Strategy 2018-2022
  33. RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
  34. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
  35. GLOSSÁRIO DE DEFESA CIVIL ESTUDOS DE RISCOS E MEDICINA DE DESASTRES, Ministério da Integração Nacional, Brazil
  36. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - BG
  37. CIRT-BF Glossary
  38. An Emergency Management Framework for Canada (Second Edition)
  39. Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
  40. Guide Analyse de risques d'accidents technologiques majeurs (2002)
  41. Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
  42. GUÍA ANÁLISIS DE RIESGOS NATURALES PARA EL ORDENAMIENTO TERRITORIAL Subsecretaría de Desarrollo Regional y Administrativo (SUBDERE) Primera Edición, Junio 2011
  43. Glosario Policia Colombia
  44. Estrategia Nacional de Ciberseguridad de Costa Rica (2023-2027)
  45. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - HR
  46. Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del Ciberespacio
  47. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union – EL
  48. Výkladový slovník kybernetické bezpečnosti (2013)
  49. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  50. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - CS
  51. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DA
  52. HÅNDBOG I RISIKOBASERET DIMENSIONERING, Beredskabsstyrelsen, Denmark (2004)
  53. Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
  54. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - ET
  55. ESWATINI NATIONAL CYBERSECURITY STRATEGY 2020 - 2025 (2020)
  56. Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
  57. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FI
  58. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
  59. THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)
  60. Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
  61. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DE
  62. Glossar BBK
  63. BSI Glossary
  64. BSI Glossary
  65. General Civil Protection Plan "Xenocrates"(Γενικό σχέδιο Πολιτικής Προστασίας "Ξενοκράτης")
  66. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union – EL
  67. La Estrategia Nacional de Seguridad Cibernética (June 2018)
  68. Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
  69. LIVRE BLANC SUR LA SÉCURITÉ ET LA DÉFENSE NATIONALE POUR LE DÉVELOPPEMENT ÉCONOMIQUE ET SOCIAL DURABLE D’HAÏTI, Juin 2015
  70. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - HU
  71. India's DGQA Cyber Security Policy (2015)
  72. National Disaster Management Plan (NDMP)- (2016)
  73. A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
  74. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
  75. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - IT
  76. IL LINGUAGGIO DEGLI ORGANISMI INFORMATIVI Glossario (2013)
  77. Dipartimento della Protezione Civile Glossario
  78. PROTEZIONE DELLE INFRASTRUTTURE CRITICHE INFORMATIZZATE La realtà Italiana (2004)
  79. GLOSSARIO DI PROTEZIONE CIVILE Regione Sicilia
  80. RFC2828 (Japanese translation)
  81. 重要インフラのサイバーセキュリティを 向上させるためのフレームワーク (2014)
  82. States of Jersey Future-proofing Jersey: Building Resilience for the 21st Century (2015)
  83. Saudi Arabian Monetary Authority (2017)
  84. Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
  85. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - LV
  86. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - LT
  87. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
  88. Glossaire
  89. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - MT
  90. GUÍA PARA LA PRESENTACIÓN DEL ESTUDIO DE RIESGO MODALIDAD ANALISIS DE RIESGO, Mexico
  91. Estragia Nacional de Ciberseguridad (November 2017)
  92. Climate Change and Community Based Adaptation Planning Training Manual, Government of Nepal (2015)
  93. Zakboekje Preventie Cybercrime (2008)
  94. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - NL
  95. Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015
  96. Patiëntveiligheid Definitielijst (2005)
  97. DSB, National Risikobild 2014
  98. DSB, National Risk Analysis 2014
  99. Oman CERT Glossary
  100. U S TAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)
  101. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - PL
  102. Strategia Cyberbezpieczeństwa Rzeczypospolitej Polskiej na lata 2017-2022
  103. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - PT
  104. Decisão do Conselho n.º 2013/488/EU, de 23 de setembro de 2013, relativa às regras de segurança aplicáveis à proteção das informações classificadas da UE
  105. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
  106. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - RO
  107. GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
  108. GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)
  109. Disaster Risk Reduction Country Profile for Saint Lucia: August 2012
  110. Government of Saint Lucia Disaster Management Policy Framework for Saint Lucia, 2004
  111. STRATÉGIE NATIONALE DE CYBERSÉCURITÉ DU SÉNÉGAL (SNC2022)
  112. ЗАКОН О ИНФОРМАЦИОНОЈ БЕЗБЕДНОСТИ (Law on Information Security), Serbia
  113. Foresight: A Glossary, Civil Service College, Singapore
  114. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SK
  115. BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY
  116. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SL
  117. Disaster Management Definitions Western Cape Government
  118. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - ES
  119. Glosario Mapama, government Spain
  120. Glosario Mapama, government Spain
  121. GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/Real Academia Española
  122. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SV
  123. Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
  124. Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
  125. Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
  126. United Republic of Tanzania Guidelines for Management of Environmental Emergencies 2014
  127. 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (Sept. 2016)
  128. Turkey's National Cyber Security Strategy 2016-2019 (2016)
  129. Abu Dhabi Safety and Security Planning Manual
  130. National Cyber Security Strategy 2016, HM Government
  131. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
  132. The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
  133. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
  134. DHS Risk Lexicon 2010 Edition, September 2010
  135. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200
  136. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013) / FIPS 200
  137. IETF RFC449 Internet Security Glossary 2
  138. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  139. ISO Guide 73:2009 Risk management -- Vocabulary
  140. ISO/IEC 31000:2009, Risk management -- Principles and guidelines
  141. ISO 22301:2012 Societal security -- Business continuity management systems --- Requirements
  142. GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)
  143. EM-DAT disaster database glossary
  144. 144.0 144.1 Province of Ontario’s Emergency Management Glossary of Terms
  145. OWASP Glossary
  146. Cybersecurity Woordenboek 2021