Risk Assessment

From CIPedia

Definitions

European Definitions

Council of Europe

Risk assessment is the combination of vulnerability analysis and risk analysis. [1]

The determination and presentation (usually in quantitative form) of the potential hazards, and the likelihood and the extent of harm that may result from these hazards.

EU

(EU) 2022/2557
‘Risk assessment’ means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [2]


CBRN Glossary
Overall process of:
* hazard identification (identification of a risk source capable of causing adverse effects to humans or the environment),
* hazard characterization (quantitative evaluation of the nature of the adverse health effects associated with the hazard),
* exposure assessment (evaluation of the likely exposure of man and/or the environment to risk sources), and
* risk characterisation (estimation, including attendant uncertainties, of the probability of occurrence and severity of known or potential adverse health effects in a given population). [3]


1313/2013/EC
Risk assessment means the overall cross-sectoral process of risk identification, risk analysis, and risk evaluation undertaken at national or appropriate sub-national level. [4]



ENISA

Risk Assessment is a scientific and technologically based process consisting of three steps, risk identification, risk analysis and risk evaluation. [5]


European Project Definitions

CIPRNet project

The CIPRNet project [6] uses the following definition:

Risk assessment is the overall process of risk identification, risk analysis and risk evaluation.


Other International Definitions

CARICOM

Risk assessment is a methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [7]


IAEA

Risk assessment is
(1) the overall process of systematically identifying, estimating, analysing and evaluating risk for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
(2) the overall process of systematically identifying, estimating, analysing and evaluating risk. [8]


NATO CEP / EAPC

A process of evaluating threats to the vulnerabilities of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. [9]


UNDRR

A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [10]

According to UNISDR, risk assessments (and associated risk mapping) include:

  • a review of the technical characteristics of hazards such as their location, intensity, frequency and probability;
  • the analysis of exposure and vulnerability, including the physical, social, health, economic and environmental dimensions;
  • and the evaluation of the effectiveness of prevailing and alternative coping capacities in respect to likely risk scenarios.

This series of activities is sometimes known as a risk analysis process.

Évaluation des risques (risk assessment, French): A methodology to determine the nature and extent of risks through an analysis of potential hazards and the evaluation of existing conditions of vulnerability that, together, could affect populations, settlements, services and livelihoods. [11]


Оценка риска (risk assessment, Russian): A methodology for determining the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that could potentially harm exposed people, property, livelihoods and the environment on which they depend. [12]


Evaluación del riesgo (risk assessment, Spanish): A methodology to determine the nature and degree of risk through the analysis of possible hazards and the evaluation of existing conditions of vulnerability that together could potentially harm the exposed population, property, services and livelihoods, as well as the environment on which they depend. [13]


تقييم المخاطر (risk assessment, Arabic): A methodology for determining the nature and level of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could harm people, property, services, livelihoods and the environment on which they depend. [14]


Pengkajian risiko (risk assessment, Bahasa Indonesia): A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people as well as property, services, livelihoods and the environment on which they depend. [15]


Pagtatasa sa Peligro (risk assessment, Tagalog): A method to determine the nature and extent of risk by analysing potential hazards and studying existing conditions of vulnerability that together could severely harm exposed people, property, services, livelihoods and the environment on which they depend. [16]


ارزيابي خطرپذيري (risk assessment, Farsi): A method for determining the nature and extent of risk by analysing potential hazards and analysing existing conditions of vulnerability that together could potentially harm exposed people, assets and property, services, livelihoods and the environment on which they depend. [17]



National Definitions

Argentina

Evaluación de Riesgos (risk assessment): Risk assessment is understood as the evaluation of the threats and vulnerabilities relating to information and to the facilities that process it, the probability that they occur, and their potential impact on the operations of the Organisation. [18]



Australia

Overall process of risk identification, risk analysis and risk evaluation. [19]



Austria

„Risikobewertung“ (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [20]


Risikobewertung (risk assessment) means the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate sub-national level. [21]



Belgium

“Risicobeoordeling” (risk assessment, Dutch): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the loss or disruption of an essential service that the incident could cause. [22]

«Évaluation des risques» (risk assessment, French): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [23]

„Risikobewertung“ (risk assessment, German) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [20]


Risicobeoordeling (risk assessment, Dutch): the overall cross-sectoral process of identifying, analysing and evaluating risks at national or an appropriate sub-national level. [24]


Évaluation des risques (risk assessment, French): the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate sub-national level. [25]



Bosnia and Herzegovina

Ocjena Rizika (risk assessment): A methodology that determines which risks may arise, the likelihood of their occurrence and the consequences they may cause, and that identifies strategies for eliminating or reducing risk. [26]


Procjena rizika (risk assessment) is the overall process of risk identification, risk analysis and risk evaluation. (ISO 31010) [27]


Procjene opasnosti (hazard assessments) determine the likelihood of occurrence of a particular hazard of a particular intensity. [28]



Bulgaria

„оценка на риска“ (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [29]


Оценка на риска (risk assessment) means the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate sub-national level. [30]



Canada

The overall process of risk identification, risk analysis and risk evaluation. [31]

Overall process of identifying risks, analysing risks and examining risks. [32]



Cape Verde

Avaliação de riscos (risk assessment): A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property and services, livelihoods and the environment on which they depend. [33]



Colombia

Evaluación del riesgo (risk assessment): The process of comparing the estimated risk against given risk criteria to determine the significance of the risk. [34]




Croatia

„Procjena rizika” (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [35]


Procjena rizika (risk assessment) means the overall cross-sectoral process of risk identification, analysis and evaluation carried out at national or appropriate sub-national level. [36]



Cyprus

«εκτίμηση κινδύνων» (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [37]


εκτίμηση κινδύνων (risk assessment): the overall cross-sectoral process of risk identification, analysis and evaluation undertaken at national or appropriate sub-national level. [38]



Czech Republic

„Posouzením rizik“ (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [39]


Posuzování rizika (risk assessment): The overall process of risk identification, risk analysis and risk evaluation. [40]

Risk assessment is the overall process of risk identification, risk analysis and risk assessment. [41]


Posouzením rizik (risk assessment) means the overall cross-sectoral process of risk identification, risk analysis and risk evaluation carried out at national or appropriate lower level. [42]



Denmark

»Risikovurdering« (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [43]


Risikovurdering (risk assessment): the overall cross-sectoral process in which risks are identified, analysed and evaluated at national or at a relevant sub-national level. [44]



Estonia

„Riskianalüüs“ (risk assessment): the overall process for determining the nature and extent of a risk by identifying potential relevant threats and vulnerabilities which could lead to an incident, analysing those threats and vulnerabilities, and evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [45]


Riskihindamine (risk assessment): the overall cross-sectoral process of risk identification, analysis and evaluation at national or appropriate regional level. [46]



Finland

’Riskinarvioinnilla’ (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and for evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [47]


Riskinarvioinnilla (risk assessment) means the comprehensive cross-sectoral process in which risks are identified, analysed and evaluated at national or appropriate local level. [48]



France

«Évaluation des risques» (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [23]


Évaluation des risques (risk assessment): the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate sub-national level. [49]



Gambia

Risk assessment: Overall process of risk identification, risk analysis and risk evaluation. [50]



Germany

„Risikobewertung“ (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [20]


Risikobewertung (risk assessment) means the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate sub-national level. [51]


Risikoabschätzung (risk estimation) is the procedure for estimating the risk. [52]


Risikoabschätzung (risk estimation) is a procedure for estimating the risk. [53]



Greece

«εκτίμηση κινδύνων» (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [37]


εκτίμηση κινδύνων (risk assessment): the overall cross-sectoral process of risk identification, analysis and evaluation undertaken at national or appropriate sub-national level. [54]



Hungary

„Kockázatértékelés” (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [55]


Kockázatértékelés (risk assessment): the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or the appropriate sub-national level. [56]



India

Risk assessment is an analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events. [57]


Risk Assessment: A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [58]



Ireland

“Measúnú riosca” (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption of the provision of an essential service that could occur because of that incident. [59]


Risk assessment is a systematic process of identifying and evaluating, either qualitatively or quantitatively, the risk resulting from specific hazards. [60]


Risk assessment means the overall cross-sectoral process of risk identification, risk analysis, and risk evaluation undertaken at national or appropriate sub-national level. [61]



Italy

«Valutazione del rischio» (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could cause an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [62]


Valutazione del rischio (risk assessment): the overall cross-sectoral process of risk identification, analysis and evaluation at national level or at the appropriate sub-national level. [63]



Japan

リスク評価 (risk assessment): (Cyber) A process that systematically identifies valuable system resources and threats to those resources, quantifies loss exposures (i.e., loss potential) based on estimated frequencies and costs of occurrence, and (optionally) recommends how to allocate resources to countermeasures so as to minimize total exposure. [64]



Kiribati

Aanga n tutuo: Taian kawai ake a n kona ni moantaai ni kaota te kanganga imwain rikina n aron makenakin taabo ae e na kona n roko iai te iabuti man taari, aio n ikotaki ma aomata ao tabo n aron te kaawa, auti, maneaba , autin te tautaeka, nnen taian ran ao ran mai iaan tare, aroka ma kaai. [65]

Risk assessment: The technical steps to determine the amount of climate change risk.



Latvia

“Riska novērtējums” (risk assessment) is the overall process carried out to determine the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [66]


Riska novērtējums (risk assessment) is the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate local level. [67]



Lithuania

Rizikos vertinimas (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [68]


Ankstyvasis perspėjimas (early warning): the timely and effective provision of information that allows action to be taken to avoid or reduce the risk of a disaster and to avoid or mitigate its adverse impacts, and to facilitate the preparedness needed for an effective response. [69]





Luxembourg

«Évaluation des risques» (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [23]


Évaluation des risques (risk assessment): the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate sub-national level. [70]



Malta

"Valutazzjoni tar-riskju" (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [71]


Valutazzjoni tar-riskju (risk assessment) means the overall cross-sectoral process of risk identification, risk analysis, and risk evaluation undertaken at national or appropriate sub-national level. [72]



Mexico

Evaluación de riesgo (risk assessment): The process of estimating the probability that an event will occur and the probable magnitude of its adverse effects (on safety, health, ecology or finances) over a specific period. [73]



Netherlands

“Risicobeoordeling” (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the loss or disruption of an essential service that the incident could cause. [22]


Risicobeoordeling (risk assessment): the overall cross-sectoral process of identifying, analysing and evaluating risks at national or an appropriate sub-national level. [74]


The overall process of risk identification, risk analysis and risk evaluation. [75]


Risicobeoordeling (risk assessment): a scientifically based process consisting of four steps, namely hazard identification, hazard characterisation, exposure assessment and risk characterisation. [76]


[HEALTH sector]
Risico-inschatting (risk assessment): The scientific evaluation of known or potential adverse health effects resulting from human exposure to hazards. The process consists of the following steps: (1) hazard identification, (2) hazard characterization, (3) exposure assessment, and (4) risk characterization. The definition includes quantitative risk assessment, which emphasizes reliance on numerical expressions of risk, and also qualitative expressions of risk, as well as an indication of the attendant uncertainties. [77]



Norway

The risk analyses in the NRB consist of: (1) selection of unwanted events for the development of scenarios, (2) assessment of the likelihood that the scenario will occur, (3) mapping of vulnerability in the systems that are affected, (4) the consequences the event may have, (5) assessment of the uncertainty. [78]

The risk analyses in the National Risk Assessment (NRA) consist of: (1) Selection of adverse events for the development of scenarios, (2) Assessment of the likelihood that the scenario will occur, (3) Survey of vulnerability in the systems that are affected, (4) The consequences the event may have, (5) Assessment of uncertainty. [79]



Oman

A Risk Assessment is the process by which risks are identified and the impact of those risks determined. [80]



Philippines

Risk Assessment:
(a) The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system;
(b) Part of risk management, incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. [81]


Risk Assessment: The review of the risks associated with a particular event or action. [82]

It is applied to projects, information technology, security issues and any action where risks may be analysed on a quantitative and qualitative basis. Risk analysis is a component of risk management.

Poland

„Ocena ryzyka” (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or potential disruption of the provision of an essential service caused by that incident. [83]


Szacowanie ryzyka (risk assessment): the overall process of risk identification, analysis and evaluation. [84]


Risk assessment means the total risk analysis, which consists of: risk identification and determination of extent of risks, as well as the risk assessment process. [85]


Ocena ryzyka (risk assessment) means the overall cross-sectoral process of risk identification, risk analysis and risk evaluation undertaken at national or appropriate lower level. [86]



Portugal

«Avaliação dos riscos» (risk assessment): the overall process carried out to determine the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards liable to cause an incident, and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [87]


Avaliação de riscos (risk assessment): the overall cross-sectoral process of risk identification, analysis and evaluation undertaken at national level or at the appropriate sub-national level. [88]


[Definition] Avaliação do Risco (risk assessment): identification of threats and vulnerabilities and performance of the related risk analysis, that is, the analysis of probability and impact. [89]



Republic of Trinidad & Tobago

A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [90]



Romania

„Evaluarea riscurilor” (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [91]


Evaluarea riscurilor (risk assessment) means the overall cross-sectoral process of risk identification, analysis and evaluation carried out at national or at an appropriate sub-national level. [92]



Slovakia

„Posúdenie rizika“ (risk assessment) is the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption of the provision of an essential service caused by that incident. [93]


Posúdenie rizík (risk assessment) means the overall cross-sectoral process of risk identification, risk analysis and risk evaluation carried out at national level or at an appropriate level below the national level. [94]



Slovenia

„Ocena tveganja“ (risk assessment) means the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident, and by evaluating the potential loss or disruption that the incident causes in the provision of an essential service. [95]


"Ocena tveganja" (risk assessment) means the overall cross-sectoral process of risk identification, analysis and evaluation at national or appropriate sub-national level. [96]



Spain

«Evaluación de riesgos» (risk assessment): the overall process aimed at determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the possible loss or disruption of the provision of an essential service caused by that incident. [97]


Evaluación de riesgos (risk assessment): the overall cross-sectoral process of risk identification, analysis and evaluation carried out at national level or at the corresponding sub-national level. [98]



Sweden

Riskbedömning (risk assessment): the overall process for determining the nature and extent of a risk by identifying and analysing potential relevant threats, vulnerabilities and hazards which could lead to an incident and by evaluating the potential loss or disruption of the provision of an essential service resulting from that incident. [99]


Riskbedömning (risk assessment): the overall cross-sectoral process of identifying, analysing and evaluating risks undertaken at national or appropriate sub-national level. [100]



Switzerland

Risikobeurteilung (risk assessment, German) comprises the process of risk analysis and risk evaluation. [101]

Évaluation des risques (risk assessment, French) encompasses the process of risk analysis and risk evaluation. [102]

Valutazione dei rischi (risk assessment, Italian) comprises the process of risk analysis and risk evaluation. [103]



United Kingdom (UK)

Risk Assessment is a structured and auditable process of identifying potentially significant events, assessing their likelihood and impacts, and then combining these to provide an overall assessment of risk, as a basis for further decisions and action. [104]


Risk Assessment is an analysis of risks and their impacts to provide information for decision making. [105]

Often, risk assessment will consider a particular impacted [party], like a building or population. The process usually includes identifying hazards which could have an impact; and assessing the likelihoods and severities of impacts.

Risk assessment means the overall cross-sectoral process of risk identification, risk analysis, and risk evaluation undertaken at national or appropriate sub-national level. [106]



United Arab Emirates

Risk Assessment: The process of assessing security-related risks from internal and external threats to an entity, its assets, or personnel. [107]



United States

DHS
Risk Assessment is a product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. [108]


NFPA-1600
Process of hazard identification, probability analysis, vulnerability analysis, and impacts analysis. [109]


NIST
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. [110]



Standard Definition

ISO/IEC 27000:2014, ISO 31000:2009 and ISO 22301:2012

The standard defines risk assessment as

Risk Assessment is the "overall process of risk identification, risk analysis and risk evaluation". [111] [112] [113] (based on the ISO Guide 73:2009 [114])


Other Definitions

Ontario (Canada)

Risk assessment is a methodology to determine the nature and extent of risk by analyzing potential hazards and the evaluation of vulnerabilities and consequences. [115]

Évaluation des risques (risk assessment): a methodology to determine the nature and extent of risk by analysing potential hazards and evaluating vulnerabilities and consequences. [115]


World Economic Forum

The process which an organization is engaged in to analyse, evaluate and understand the spectrum of risks, their potential likelihood and their severity in order to enable it to act to mitigate unacceptable risk to the organization. [116]


References

  1. GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001
  2. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [EN]
  3. European Commission's CBRN Glossary, 2012
  4. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - EN
  5. ENISA Risk Glossary
  6. http://www.ciprnet.eu/
  7. Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
  8. IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
  9. NATO EAPC(SCEPC) lexicon 2003.
  10. 2009 UNISDR Terminology on Disaster Risk Reduction
  11. UNISDR glossary
  12. UNISDR glossary
  13. UNISDR glossary
  14. UNISDR glossary
  15. UNISDR glossary in Bahasa
  16. UNISDR glossary in Tagalog
  17. Internationally agreed glossary of basic terms related to Disaster Management in Farsi
  18. Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
  19. Australia AS NZS 5050 (2010)
  20. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [DE]
  21. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - DE
  22. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [NL]
  23. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [FR]
  24. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - NL
  25. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - FR
  26. GLOSAR POJMOVA
  27. RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
  28. RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
  29. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [BG]
  30. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - BG
  31. Derived from ISO 31000:2009
  32. Vocabulaire de la gestion des urgences/Emergency Management Vocabulary 281 (2012)
  33. Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
  34. Glosario MINTIC – ICT Ministry of Colombia; source: NTC-ISO /IEC 27001
  35. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [HR]
  36. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - HR
  37. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [EL]
  38. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - EL
  39. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [CS]
  40. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  41. Výkladový slovník kybernetické bezpečnosti (2013)
  42. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - CS
  43. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [DA]
  44. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - DA
  45. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [ET]
  46. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - ET
  47. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [FI]
  48. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - FI
  49. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - FR
  50. THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)
  51. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - DE
  52. Glossar BBK
  53. Glossar, Das Bundesamt für Bevölkerungsschutz und Katastrophenhilfe (BBK)
  54. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - EL
  55. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [HU]
  56. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - HU
  57. India's DGQA Cyber Security Policy (2015)
  58. National Disaster Management Plan (NDMP)- (2016)
  59. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [GA]
  60. A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
  61. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism
  62. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [IT]
  63. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - IT
  64. RFC2828 (Japanese translation)
  65. Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
  66. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [LV]
  67. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - LV
  68. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [LT]
  69. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - LT
  70. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - FR
  71. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [MT]
  72. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - MT
  73. GUÍA PARA LA PRESENTACIÓN DEL ESTUDIO DE RIESGO MODALIDAD ANALISIS DE RIESGO, Mexico
  74. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - NL
  75. Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015
  76. Wet onafhankelijke risicobeoordeling Nederlandse Voedsel- en Warenautoriteit
  77. Patiëntveiligheid Definitielijst (2005)
  78. DSB, National Risikobild 2014
  79. DSB, National Risk Analysis 2014
  80. Oman CERT Glossary
  81. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
  82. NHS Cyber security glossary
  83. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [PL]
  84. USTAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)
  85. CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013
  86. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - PL
  87. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [PT]
  88. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - PT
  89. Glossário Centro National de Cibersegurança Portugal
  90. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
  91. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [RO]
  92. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - RO
  93. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [SK]
  94. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - SK
  95. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [SL]
  96. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - SL
  97. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [ES]
  98. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - ES
  99. https://eur-lex.europa.eu/eli/dir/2022/2557/oj DIRECTIVE (EU) 2022/2557 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC [SV]
  100. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - SV
  101. Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
  102. Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
  103. Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
  104. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
  105. The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
  106. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism
  107. Abu Dhabi Safety and Security Planning Manual
  108. DHS Risk Lexicon 2010 Edition, September 2010
  109. NFPA-1600
  110. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
  111. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  112. ISO/IEC 31000:2009, Risk management -- Principles and guidelines
  113. ISO 22301:2012 Societal security -- Business continuity management systems -- Requirements
  114. ISO Guide 73:2009 Risk management -- Vocabulary
  115. Province of Ontario’s Emergency Management Glossary of Terms
  116. WEF Partnering for Cyber Resilience Guidelines (2012)