Risk Management

==Definitions==
=== European Definitions ===
==== [[Council of Europe]] ====
{{definition|Risk management is the process whereby decisions are made and actions implemented to eliminate or reduce the effects of identified [[hazard|hazards]]. <ref>[http://www.europhras.org/Site/anderedokumente/GMLGR5L_6_12_07.pdf GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001)]</ref>}}<br/><br/>
==== [[EU]] ====
{{definition|[CBRN] The process, distinct from [[Risk Assessment]], of weighing policy alternatives, in consultation with all interested parties, considering risk assessment and other factors relevant for the health protection of workers and consumers, the protection of the environment and for the promotion of fair trade practices, and, if needed, selecting appropriate [[prevention]] and [[control]] options. <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}}<br />
==== [[ENISA]] ====
{{definition|Risk Management is the process, distinct from [[Risk Assessment|risk assessment]], of weighing policy alternatives in consultation with interested parties, considering risk assessment and other legitimate factors, and selecting appropriate [[prevention]] and control options. <ref name="ENISAGlos">[http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br />
=== Other International Definitions ===
==== [[CARICOM]] ====
{{definition|Risk management is the systematic approach and practice of managing uncertainty to minimise potential [[harm]] and loss. <ref>[http://www.cdema.org/index.php?option=com_joomdoc&task=doc_download&gid=28&Itemid=231 Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024]</ref>}}
<br/>
==== [[NATO|NATO CEP / EAPC]] ====
{{definition|A deliberate process of understanding [[risk]] and deciding upon and implementing actions to reduce risk to a defined level, which is an acceptable level of [[risk]] at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with an assigned level. <ref>NATO EAPC(SCEPC) lexicon.</ref>}}
<br />

==== [[UNISDR]] ====
{{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and [[loss]]. <ref>[http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>}}

<big>According to UNISDR, risk management comprises [[Risk Assessment|risk assessment]] and [[Risk Analysis|analysis]], and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.</big><br />
<br/>
The UNISDR glossary publishes the same definition ("the systematic approach and practice of managing uncertainty to minimize potential harm and loss") in French<ref>[http://unisdr.org/files/7817_UNISDRTerminologyFrench.pdf UNISDR glossary]</ref>, Russian<ref>[http://unisdr.org/files/7817_UNISDRTerminologyRussian.pdf UNISDR glossary]</ref>, Spanish<ref>[http://unisdr.org/files/7817_UNISDRTerminologySpanish.pdf UNISDR glossary]</ref>, Arabic<ref>[http://www.unisdr.org/files/7817_UNISDRTerminologyArabic.pdf UNISDR glossary]</ref>, Indonesian<ref>[http://www.preventionweb.net/files/7817_isdrindonesia.pdf UNISDR glossary in Bahasa]</ref>, Malay<ref>[http://www.preventionweb.net/files/7817_isdrmalaysiaterminology.pdf UNISDR glossary in Malay]</ref>, Tagalog<ref>[http://www.preventionweb.net/files/7817_isdrphillipinesterminology.pdf UNISDR glossary in Tagalog]</ref> and Farsi<ref>[https://www.preventionweb.net/files/7817_unisdr2009terminologypersianedition.pdf Internationally agreed glossary of basic terms related to Disaster Management in Farsi]</ref>.<br/><br/>
=== National Definitions ===
==== [[Argentina]] ====
{{definition|Risk management: Coordinated activities to direct and control an organisation with regard to risk. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}NOTE. Risk management usually includes risk assessment, risk treatment, risk acceptance and risk communication.<br/><br/>

==== [[Australia]] ====
{{definition|Risk management is the systematic application of management policies, procedures and practices to the tasks of [[Risk Identification|identifying]], analyzing, [[Risk Evaluation|evaluating]], treating and monitoring risk. <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}
<br />

{{definition|Coordinated activities to direct and control an organization with regard to risk. <ref>[http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br />
{{definition|Risk management - The implementation of strategies to avoid unacceptable consequences. In the context of climate change, adaptation and mitigation are the two broad categories of action that might be taken to avoid unacceptable consequences. <ref>[http://www.oecd.org/env/cc/36736773.pdf ADAPTATION TO CLIMATE CHANGE: KEY TERMS, E. Levina and D. Terpak, OECD (2006) - derived from (Australian Greenhouse Office. 2003)]</ref>}}<br /><br/>

==== [[Canada]] ====
{{definition|Risk management is the use of policies, practices and resources to analyze, assess and control risks to health, safety, environment and the economy. <ref>[http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)]</ref> <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}}
<br />
{{definition|Risk management: Measures taken to guarantee or improve the safety of a facility and its operation (OECD, 1992). <ref name="canada_fr">[http://www.mddelcc.gouv.qc.ca/evaluations/documents/guide-risque-techno.pdf Guide Analyse de risques d'accidents technologiques majeurs (2002)]</ref>}}<br /><br/>

==== [[Capo Verde|Cape Verde]] ====
{{definition|Risk management: Systematic approach and practice of managing uncertainty to minimise potential harm and loss. <ref>[https://www.un.cv/files/RelatorioPDNA_PT.PDF Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde]</ref>}} Risk management comprises risk assessment and analysis and the implementation of strategies and specific actions to control, reduce and transfer risks (risk reduction). It is widely practised by organisations to minimise risk in investment decisions and to address operational risks such as business interruption, production failure, environmental damage, social impacts and damage caused by fire and natural disasters. Risk management is a central issue for sectors such as water supply, energy and agriculture, whose production is directly affected by extreme weather events.<br/><br/>
==== [[Chile]] ====
{{definition|Risk management: A complex social process leading to the planning and application of policies, strategies, instruments and measures aimed at preventing, reducing, anticipating and controlling the adverse effects of hazardous phenomena on the population, goods and services, and the environment. <ref>[http://www.gorecoquimbo.gob.cl/gorecoquimbo/site/artic/20150511/asocfile/20150511104931/libro_guia_de_analisis_de_riesgos_naturales_para_el_ordenamiento_territorial_.pdf GUÍA ANÁLISIS DE RIESGOS NATURALES PARA EL ORDENAMIENTO TERRITORIAL Subsecretaría de Desarrollo Regional y Administrativo (SUBDERE) Primera Edición, Junio 2011]</ref>}}Integrated risk reduction actions through prevention, mitigation, preparedness for and response to emergencies, and post-impact recovery.<br/><br/>

==== [[Colombia]] ====
{{definition|Risk handling: Integrated activities to avoid or mitigate adverse effects on people, goods, services and the environment, through the planning of prevention and of preparedness for assisting the potentially affected population. <ref>[https://www.policia.gov.co/glosario Glosario Policia Colombia]</ref>}}<br />
{{definition|Risk administration: A set of control elements which, when interrelated, allow the institution to evaluate negative events, both internal and external, that may affect or prevent the achievement of its institutional objectives, or positive events that allow it to identify opportunities for better fulfilment of its function. <ref>[https://www.policia.gov.co/glosario Glosario Policia Colombia]</ref>}}<br /><br/>
==== [[Cuba]] ====
{{definition|Risk management: A systematic approach, based on the assessment of threats and vulnerabilities, for determining the countermeasures needed to protect information or the services and resources that support it. <ref>[http://www.cscuba.cu/es/glosario-de-terminos/A Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del Ciberespacio]</ref>}}<br/><br/>

==== [[Czech Republic]] ====
{{definition|Risk management: Coordinated activities to direct and control an organisation with regard to risks. <ref>[http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Risk management is the coordinated activities to manage and control an organization in view of the [[Risk|risks]]. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}}
<br /><br/>
==== [[El Salvador]] ====
{{definition|Risk management: A complex social process leading to the planning and application of policies, strategies, instruments and measures aimed at preventing, reducing, anticipating and controlling the adverse effects of hazardous phenomena on the population, goods and services, and the environment. Integrated risk reduction actions through prevention, mitigation, preparedness for and response to emergencies, and post-impact recovery. <ref>[http://www.marn.gob.sv/glosario-de-riesgo/ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador]</ref>}}<br/><br/>

==== [[Finland]] ====
{{definition|Risk management is a systematic action which includes [[Risk Analysis|risk analysis]] as well as the planning, execution and follow-up of the operations needed and the corrective operations. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /><br/>
==== [[Gambia]] ====
{{definition|Risk management: Set of coordinated activities to direct and control an organization with regard to [[risk]]. <ref>[http://www.moici.gov.gm/sites/default/files/2019-09/20160726%20Gambia%20Strategy%20-%20Cybersecurity%20Strategy_final_with_Gambia_cover_page.pdf THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)]</ref>}}<br /><br/>

==== [[Germany]] ====
{{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>[http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.]</ref>}}
<br />
{{definition|Risk management: A continuously running, systematic procedure for the targeted handling of [[Risk|risks]], which includes the analysis and evaluation of risks as well as the planning and implementation of measures, in particular for risk avoidance, minimisation and acceptance. <ref>[http://www.bbk.bund.de/SharedDocs/Downloads/BBK/DE/Publikationen/Praxis_Bevoelkerungsschutz/Band_8_Praxis_BS_BBK_Glossar.pdf Glossar BBK]</ref>}}<br/>
{{definition|Risk management: All activities relating to the strategic and operational handling of risks, i.e. all activities to identify, steer and control risks to an institution. <ref>[https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Empfehlungen/cyberglossar/Functions/glossar.html?cms_lv2=9817306 BSI Glossary]</ref>}} <br /><br/>

==== [[Guatemala]] ====
{{definition|Risk management: Strategies for prevention, preparedness, mitigation, response and recovery in the face of natural or anthropogenic, social and technological events that may affect the population, its assets and its environment. <ref>[http://stcns.gob.gt/docs/2016/Plan_Estrategico/PESN%202016-2020.pdf Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala]</ref>}}<br/><br/>

==== [[India]] ====
{{definition|Risk management ''(in ICT)'' is the total process of identifying, controlling, and eliminating or minimizing uncertain [[event|events]] that may affect IT system resources. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)]</ref>}} <br />
{{definition|Risk Management: The systematic approach and practice of managing uncertainty to minimize potential harm and loss. <ref>[https://ndma.gov.in/images/policyplan/dmplan/National%20Disaster%20Management%20Plan%20May%202016.pdf National Disaster Management Plan (NDMP)- (2016)]</ref>}}<br/><br/>

==== [[Ireland]] ====
{{definition|Risk management: actions taken to reduce the probability of an [[event]] occurring or to mitigate its [[Consequence|consequences]]. <ref>[http://www.justice.ie/en/JELR/Appendices2D.pdf/Files/Appendices2D.pdf A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)]</ref>}} <br /><br/>

==== [[Japan]] ====
{{definition|(Cyber) Risk management is the process of identifying, controlling, and eliminating or minimizing uncertain [[event|events]] that may affect system resources. <ref>[http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation)]</ref>}}<br/>
{{definition|Risk management: The process of identifying and assessing risk and responding to it. <ref>[https://www.ipa.go.jp/files/000038957.pdf 重要インフラのサイバーセキュリティを向上させるためのフレームワーク (Framework for Improving Critical Infrastructure Cybersecurity, Japanese translation, 2014)]</ref>}}<br/><br/>

==== [[Kiribati]] ====
{{definition|Risk management involves doing conscious, planned activities to address climate risk. <ref>[http://www.president.gov.ki/wp-content/uploads/2014/08/KAPII-Bi-Lingual-Glossary-CLIMATE-CHANGE-TERMS.pdf Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008]</ref>}}<br/><br/>
==== [[Kuwait]] ====
{{definition|Risk management: A continuous process of identifying potential risks, analysing and evaluating their impact, and maintaining the risk at an acceptable level. Risk management enables organisations to define the policies and controls most likely to protect the organisation's assets. <ref>[https://citra.gov.kw/sites/ar/LegalReferences/Cyber%20Security.pdf National Cyber Security Strategy of the State of Kuwait (2017-2020), Arabic edition]</ref> <ref>[https://citra.gov.kw/sites/en/LegalReferences/English%20Cyber%20Security%20Strategy.pdf National Cyber Security Strategy 2017-2020]</ref>}}
<br /><br/>

==== [[Liberia]] ====
{{definition|Risk Management: Identifying vulnerabilities in a network and developing a strategy to protect against attack. <ref>[http://www.lta.gov.lr/doc/ICT%20_%20Telecom%20Policy%20Main%20Body.pdf Government of Liberia’s Policy for the Telecommunications and Information Communications Technology (ICT) sectors]</ref>}}<br /><br />
==== [[Luxembourg]] ====
{{definition|Risk management: Coordinated activities for the purpose of directing and steering an organisation while taking risks into account. <ref>[https://cybersecurite.public.lu/fr/glossaire.html Glossaire]</ref>}}<br/><br/>

==== [[Netherlands]] ====
{{definition|Risk management: transparently and systematically identifying, assessing and, by taking measures, bringing under control the [[risk|risks]] and opportunities that threaten or further the achievement of the organisation's objectives, in such a way that account can be given of the choices made. <ref>[https://wetten.overheid.nl/BWBR0033512 Beveiligingsvoorschrift Rijksdienst 2013]</ref>}}<br/>

{{definition|Risk management is the process that aims to identify and control the [[risk]]. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008)]</ref>}}<br/>

{{definition|[HEALTH sector]<br/>Risk management: The process of weighing policy alternatives to accept, minimize or reduce assessed [[Risk|risks]] and to select and implement appropriate options. <ref>[https://www.medischcontact.nl/web/file?uuid=56770c4f-4440-4b02-b568-177eb7b1ab9f&owner=1e836119-cfd1-4e33-a731-da3efbb2a701&contentid=23865 Patiëntveiligheid Definitielijst (2005)]</ref>}}<br/><br/>

==== [[New Zealand]]/[[AOTEAROA]] ====
{{definition|Risk management is the process of analysing exposure to [[risk]], and determining how to manage that exposure. <ref name="CIMS">[http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)]</ref>}}
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).<br /><br/>

==== [[Norway]] ====
{{definition|Risk management is the entire process of defining in what areas and for what adverse [[Event|events]] [[Risk Analysis|risk analyses]] should be conducted, conducting the risk analyses, evaluating the risk results (whether the level of [[risk]] is justifiable or not) and implementing any risk-reduction measures. <ref>[https://www.dsb.no/globalassets/dokumenter/rapporter/nrb_2014.pdf DSB, National Risikobild 2014]</ref> <ref>[http://www.dsbinfo.no/DSBno/2015/Andre/NationalRiskAnalysis2014/ DSB, National Risk Analysis 2014]</ref>}}<br/><br/>
==== [[Peru]] ====
{{definition|Disaster Risk Management (GRD): A social process whose ultimate aim is the prevention, reduction and permanent control of disaster risk factors in society, as well as adequate preparedness for and response to disaster situations, taking into account national policies, with particular emphasis on those relating to economic, environmental, security, national defence and territorial matters, in a sustainable manner. <ref>[http://dimse.cenepred.gob.pe/simse/cenepred/docs/glosario-terminos-grd-cenepred.pdf El Centro Nacional de Estimación, Prevención y Reducción del Riesgo de Desastres - CENEPRED, Glosario de Términos, Peru]</ref>}}<br/><br/>

==== [[Philippines]] ====
{{definition|Risk Management: The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. <ref name="DNDGlos">[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/>
{{definition|Risk Management: The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: 1. the conduct of a risk assessment; 2. the implementation of a risk mitigation strategy; and 3. employment of techniques and procedures for the continuous monitoring of the security state of the information system. <ref name="DNDGlos"/>}}<br/>
{{definition|Risk Management is the process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. <ref name="DNDGlos"/>}}<br/><br/>

==== [[Poland]] ====
{{definition|Risk management: coordinated activities in the field of [[Cyber Security|cybersecurity]] management with regard to the estimated [[Risk|risk]]. <ref name=Poland>[http://bip.kprm.gov.pl/download/75/30991/RM-10-64-18.pdf U S TAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)]</ref>}}<br />

==== [[Portugal]] ====
{{definition|[Definition] Risk treatment: Mitigation, elimination, reduction (through an appropriate combination of technical, material, organisational and procedural measures), transfer or monitoring of risk. <ref>[https://www.cncs.gov.pt/recursos/glossario/ Glossário Centro National de Cibersegurança Portugal]</ref>}}<br /><br/>
==== [[Republic of Trinidad & Tobago]] ====
{{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and loss. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br />
==== [[Romania]] ====
{{definition|Risk management: A systematic and rigorous process of identifying, analysing, planning, controlling and communicating risks. Each identified risk passes sequentially through the other functions, continuously, concurrently and iteratively. <ref>[http://www.editura.mai.gov.ro/documente/biblioteca/2006/Glosar%20de%20termeni%20din%20domeniul%20ordinii%20publice/GLOSAR%20OP.pdf GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE]</ref>}}Risks are usually tracked in parallel with the identification and analysis of new ones, and the mitigation plans for one risk may lead to the discovery of other risks.<br/><br/>{{definition|Risk management (''in ICT'') is a complex, continuous and flexible process of identifying, evaluating and countering [[Cyber Security|cyber security]] [[Risk|risks]], based on the use of complex tools and techniques to prevent losses of any kind. <ref>[https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/StrategiaDeSecuritateCiberneticaARomaniei.pdf Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică]</ref>}} <br /><br/>

==== [[Serbia]] ====
{{definition|Risk management is a systematic set of measures that includes planning, organising and directing activities so as to ensure that risks remain within prescribed and acceptable limits. <ref>[http://www.parlament.gov.rs/upload/archive/files/cir/pdf/predlozi_zakona/3515-15.pdf ЗАКОН О ИНФОРМАЦИОНОЈ БЕЗБЕДНОСТИ (Law on Information Security), Serbia]</ref>}}<br><br>

==== [[Singapore]] ====
{{definition|Risk Management: Coordinated activities to direct and control an organisation with regard to risk. <ref>[https://www.cscollege.gov.sg/Knowledge/Documents/eBooks/Foresight--A%20Glossary.pdf Foresight: A Glossary, Civil Service College, Singapore]</ref>}}<br /><br/>
==== [[Spain]] ====
{{definition|Risk management: Coordinated activities to direct and control an organisation with respect to risks. <ref name="SpainMoD">[https://publicaciones.defensa.gob.es/media/downloadable/files/links/c/e/ce_149.pdf CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)]</ref>}}<br/>
{{definition|Risk management: (NATO) A systematic approach, based on the assessment of threats and vulnerabilities, for determining the countermeasures needed to protect information or the services and resources that support it. <ref name="SpainMoD"/>}}<br/><br/>
==== [[Switzerland]] ====
{{definition|Risk management is understood as the coordinated activities to steer and direct an organisation with regard to [[risk|risks]], i.e. with regard to the effects of uncertainty on the organisation's objectives. <ref>[http://www.bevoelkerungsschutz.admin.ch/internet/bs/de/home/themen/ski/leitfaden.parsysrelated1.85483.DownloadFile.tmp/leitfadenski2015de.pdf Leitfaden Schutz kritischer Infrastrukturen 2015 pointing at ISO 31000]</ref> <ref>[http://www.bevoelkerungsschutz.admin.ch/internet/bs/fr/home/themen/ski/aktuell.parsys.56506.DownloadFile.tmp/leitfadenski2015fr.pdf Guide pour la protection des infrastructures critiques 2015/Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013]</ref>}} <br/><br/>

==== [[United Arab Emirates]] ====
{{definition|Risk Management: The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects (HB167: 2006 Security Risk Management). <ref>[http://www.upc.gov.ae/sspm/common/docs/SSPM-UPC-Eng.pdf Abu Dhabi Safety and Security Planning Manual]</ref>}}<br/><br />

==== [[United Kingdom|United Kingdom (UK)]] ====
{{definition|Risk Management is all activities and structures directed towards the effective assessment and management of [[Risk|risks]] and their potential adverse [[Impact|impacts]]. <ref>[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref><br/><br/>Risk Management is a process of identifying, understanding, managing, controlling, monitoring and communicating [[risk]]. <ref>[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/78902/section-a-natural-hazards-infrastructure.pdf Cabinet Office, Section A: Introduction, Definitions and Principles of Infrastructure Resilience n.d.]</ref> <br /><br />Risk Management is putting in place plans to avoid unacceptable [[Consequence|consequences]] of [[Risk|risks]]. <ref>[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/209866/pb13942-nap-20130701.pdf The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)]</ref>}} <br />
{{definition|Risk Management: The identification, analysis, assessment, control, and avoidance, minimisation, or elimination of unacceptable risks. <ref>[https://digital.nhs.uk/services/data-and-cyber-security-protecting-information-and-data-in-health-and-care/cyber-and-data-security-policy-and-good-practice-in-health-and-care/cyber-and-data-security-resources/cyber-security-glossary NHS Cyber security glossary]</ref>}}<br/><br/>

==== [[United States]] ====
===== [[DHS]] =====
{{definition|Process of identifying, analyzing, and communicating [[risk]] and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. <ref name="DHSLex">[http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}<br/>
+ | |||
+ | =====[[NIST]]===== | ||
+ | {{definition|Prioritizing, evaluating, and implementing the appropriate risk-reducing [[control|controls]]/[[countermeasure|countermeasures]] recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)}}<br/> | ||
+ | {{definition|The program and supporting processes to manage [[Information Security|information security]] [[risk]] to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, and includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}}<br/> | ||
+ | =====[[US-CERT]]===== | ||
+ | {{definition| The purpose of risk management is to identify, analyze, and mitigate [[Risk|risks]] to critical service and IT assets that could adversely affect the operation and delivery of services. <ref name="USCERT">[https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)]</ref>}}<br /> | ||
+ | ===== [[White House]] ===== | ||
+ | {{definition|Cybersecurity risk management comprises the full range of activities undertaken to protect IT and data from unauthorized access and other cyber threats, to maintain awareness of cyber threats, to detect anomalies and incidents adversely affecting IT and data, and to mitigate the impact of, respond to, and recover from incidents. <ref>[https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 11, 2017]</ref>}}Information sharing facilitates and supports all of these activities. <br /><br/> | ||
===Standard Definition=== | ===Standard Definition=== | ||
− | ==== ISO/IEC 27000:2014 ==== | + | ====[[IETF]]==== |
− | + | {{definition|The process of identifying, measuring, and controlling (i.e., mitigating) [[Risk|risks]] in information systems so as to reduce the risks to a level commensurate with the value of the [[Asset|assets]] protected. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br /> | |
− | Risk management process is the systematic application of management policies, procedures and practices to the activities of | + | ==== [[ISO|ISO/IEC 27000:2014, ISO 31000:2009 and ISO 22301:2012]] ==== |
+ | <big>These standards defines risk management as:</big> | ||
+ | {{definition|Risk amangement: Coordinated activities to direct and control an organization with regard to [[Risk|risk.]] <ref name="ISO27000-14">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09">[http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref> <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=50038 ISO 22301:2012 Societal security -- Business continuity management systems --- Requirements]</ref>)}}Definition is based on the ISO Guide 73:2009. <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref><br/> | ||
+ | ''Risk management process'' is the systematic application of management policies, procedures and practices to the activities of | ||
communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | ||
− | monitoring and reviewing [[risk]] | + | monitoring and reviewing [[risk]]. <ref name="ISO27000-14">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> (based on the ISO Guide 73:2009 <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.<br /><br/> |
− | the risk management process are termed ‘activities’. | ||
+ | === [[Dictionary]]=== | ||
+ | {{definition|Risicomanagement: Een continu proces waarbij bedrijfsrisico's voortdurend worden bewaakt. Onderdelen van dit proces zijn bijvoorbeeld het identifi�ceren, evalueren, prioriteren van risico’s en het nemen van maatregelen (accepteren, mitigeren, overdragen of vermijden). <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}}<br/><br/> | ||
+ | {{#set:defined by=Dictionary}} | ||
==See also== | ==See also== | ||
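Review bot: the ISO definition line has the typo "Risk amangement" and a stray ")" before the closing "}}" after the ISO 22301 ref, and the line above it reads "These standards defines" (should be "define"). Two citation titles are also wrong or unbalanced: the IETF ref says "RFC449" while its link points at rfc4949, so the title should read "IETF RFC 4949"; the White House ref title ends "(May 11, 2017" without its closing parenthesis, and the sentence "Information sharing facilitates and supports all of these activities." after that definition sits outside the {{definition|...}} template and will render as stray body text. The Dictionary entry carries an encoding artifact in "identifi�ceren" (should be "identificeren"), and the ISO process sentence repeats the full content of <ref name="ISO27000-14"> instead of reusing it with <ref name="ISO27000-14" />.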
Line 25: | Line 182: | ||
* [[Risk Analysis]] | * [[Risk Analysis]] | ||
* [[Risk Assessment]] | * [[Risk Assessment]] | ||
+ | * [[Risk Identification]] | ||
* [[Risk Transfer]] | * [[Risk Transfer]] | ||
* [[Risk Treatment]] | * [[Risk Treatment]] | ||
− | * [[Mitigation]] | + | * [[Risk Mitigation]] |
==Notes== | ==Notes== | ||
+ | |||
+ | ==References== | ||
<references /> | <references /> | ||
− | |||
− | |||
− | |||
− | [[Category: | + | [[Category:Risk]] |
+ | {{#set:defined by=Council of Europe|defined by=EU|defined by=ENISA|defined by=NATO|defined by=UNISDR|defined by=Argentina|defined by=Australia|defined by=Canada|defined by=Cape Verde|defined by=Chile|defined by=Colombia|defined by=Cuba|defined by=Czech Republic|defined by=El Salvador|defined by=Finland|defined by=Gambia|defined by=Germany|defined by=Guatemala|defined by=India|defined by=Ireland|defined by=Japan|defined by=Kiribati|defined by=Kuwait|defined by=Liberia|defined by=Luxembourg|defined by=Netherlands|defined by=New Zealand|defined by=Norway|defined by=Peru|defined by=Philippines|defined by=Poland|defined by=Portugal|defined by=Republic of Trinidad & Tobago|defined by=Romania|defined by=Serbia|defined by=Singapore|defined by=Spain|defined by=Switzerland|defined by=United Arab Emirates|defined by=United Kingdom|defined by=United States|defined by=ISO|defined by=NIST|defined by=White House|defined by=IETF|defined by=Caricom|defined by=US-CERT}} | ||
+ | {{#set: Showmainpage=Yes}} |
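Review bot: the consolidated {{#set:...}} line omits "defined by=Dictionary", which is set separately right after the Dictionary definition, and spells "Caricom" differently from the CARICOM heading; fold the Dictionary value into this one set call and use one casing so the semantic property lists every defining body consistently.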
Latest revision as of 11:25, 1 April 2024
Definitions
European Definitions
Council of Europe
EU
ENISA
Other International Definitions
CARICOM
NATO CEP / EAPC
UNISDR
According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.
A systematic approach and the practice of managing uncertainty to minimise potential harm and loss.
National Definitions
Argentina
NOTE. Risk management usually includes risk assessment, risk treatment, risk acceptance and risk communication.
Australia
Canada
Risk management: Use of policies, practices and resources to analyse, assess and control risks to health, safety, the environment and the economy. [19] [20]
Cape Verde
Risk management comprises risk assessment and analysis and the implementation of strategies and specific actions to control, reduce and transfer risks (risk reduction). It is widely practised by organisations to minimise risk in investment decisions and to address operational risks, such as business disruption, production failure, environmental damage, social impacts and damage caused by fire and natural disasters. Risk management is a central issue for sectors such as water supply, energy and agriculture, whose production is directly affected by extreme climate events.
Chile
Integrated risk reduction actions through activities of prevention, mitigation, preparedness for and response to emergencies, and post-impact recovery.
Colombia
Cuba
Czech Republic
Risk management consists of coordinated activities to manage and control an organization in view of the risks. [28]
El Salvador
Finland
Risk management is a systematic action which includes risk analysis as well as the planning, execution and follow-up of operations needed and the corrective operations. -unofficial translation- [30]
Gambia
Germany
Germany
Guatemala
India
Ireland
Japan
(Cyber) Risk management is the process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. [39]
Kiribati
Risk management involves doing conscious, planned activities to address climate risk.
Kuwait
Risk management: it is a continuous process of identifying potential risks, analysing and evaluating their impact, and maintaining the risk at an acceptable level. Risk management enables organizations to define the policies and controls that are most likely to protect the assets. [43]
Liberia
Luxembourg
Netherlands
Risk management is the process that aims to identify and control risks. [47]
Risk management/manipulation: The process of weighing policy alternatives to accept, minimize or reduce assessed risks and to select and implement appropriate options. [48]
New Zealand/AOTEAROA
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).
Norway
Risk management is the entire process of defining in what areas and for what adverse events risk analyses should be conducted, conducting the risk analyses, evaluating the risk results (whether the level of risk is justifiable or not) and implementing any risk-reduction measures. [51]
Peru
Philippines
Poland
Portugal
Republic of Trinidad & Tobago
Romania
Risks are usually tracked, in parallel with the identification and analysis of new ones, and the mitigation plans for one risk may lead to the discovery of other risks.
Risk management: a complex, continuous and flexible process of identifying, assessing and counteracting risks to cyber security, based on the use of complex techniques and tools, to prevent losses of any kind. [61]
Serbia
Singapore
Spain
Switzerland
United Arab Emirates
United Kingdom (UK)
Risk Management is a process of identifying, understanding, managing, controlling, monitoring and communicating risk. [70]
Risk Management is putting in place plans to avoid unacceptable consequences of risks. [71]
United States
DHS
NIST
US-CERT
White House
Information sharing facilitates and supports all of these activities.
Standard Definition
IETF
ISO/IEC 27000:2014, ISO 31000:2009 and ISO 22301:2012
These standards define risk management as:
The definition is based on ISO Guide 73:2009. [80]
The risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk. [77] (based on ISO Guide 73:2009 [80]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall; the elements within the risk management process are termed ‘activities’.
Dictionary
See also
- Disaster Risk
- Risk Analysis
- Risk Assessment
- Risk Identification
- Risk Transfer
- Risk Treatment
- Risk Mitigation
Notes
References
- [1] GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007) / European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001
- [2] European Commission's CBRN Glossary, 2012
- [3] ENISA Risk Glossary
- [4] Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
- [5] NATO EAPC(SCEPC) lexicon
- [6] 2009 UNISDR Terminology on Disaster Risk Reduction
- [7] UNISDR glossary
- [8] UNISDR glossary
- [9] UNISDR glossary
- [10] UNISDR glossary
- [11] UNISDR glossary in Bahasa
- [12] UNISDR glossary in Malay
- [13] UNISDR glossary in Tagalog
- [14] Internationally agreed glossary of basic terms related to Disaster Management in Farsi
- [15] Oficina Nacional de Tecnologías de Información, Administración Pública Nacional, Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- [16] Australian Emergency Management Glossary, Emergency Management Australia (1998)
- [17] AS/NZS 5050 (2010), Australia
- [18] ADAPTATION TO CLIMATE CHANGE: KEY TERMS, E. Levina and D. Tirpak, OECD (2006) - derived from Australian Greenhouse Office (2003)
- [19] An Emergency Management Framework for Canada (Second Edition)
- [20] Vocabulaire de la gestion des urgences / Emergency Management Vocabulary 281 (2012)
- [21] Guide Analyse de risques d'accidents technologiques majeurs (2002)
- [22] Avaliação das Necessidades Pós-Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
- [23] GUÍA ANÁLISIS DE RIESGOS NATURALES PARA EL ORDENAMIENTO TERRITORIAL, Subsecretaría de Desarrollo Regional y Administrativo (SUBDERE), Primera Edición, Junio 2011
- [24] Glosario Policía Colombia
- [25] Glosario Policía Colombia
- [26] Glossary of Cyber terms / Glosario de términos, Centro de Seguridad del Ciberespacio
- [27] Výkladový slovník kybernetické bezpečnosti (2013)
- [28] Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- [29] Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
- [30] Vocabulary of Comprehensive Security, Helsinki (TSK 47) (2014)
- [31] THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)
- [32] Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI
- [33] Glossar BBK
- [34] BSI Glossary
- [35] Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
- [36] India's DGQA Cyber Security Policy (2015)
- [37] National Disaster Management Plan (NDMP) (2016)
- [38] A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
- [39] RFC 2828 (Japanese translation)
- [40] 重要インフラのサイバーセキュリティを向上させるためのフレームワーク (Framework for Improving Critical Infrastructure Cybersecurity, Japanese translation) (2014)
- [41] Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
- [42] الاستراتيجية الوطنية للأمن السيبراني لدولة الكويت (National Cybersecurity Strategy of the State of Kuwait) (2017-2020)
- [43] National Cyber Security Strategy 2017-2020
- [44] Government of Liberia’s Policy for the Telecommunications and Information Communications Technology (ICT) sectors
- [45] Glossaire
- [46] Beveiligingsvoorschrift Rijksdienst 2013
- [47] Zakboekje Preventie Cybercrime (2008)
- [48] Patiëntveiligheid Definitielijst (2005)
- [49] The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand (2014)
- [50] DSB, Nasjonalt risikobilde 2014
- [51] DSB, National Risk Analysis 2014
- [52] El Centro Nacional de Estimación, Prevención y Reducción del Riesgo de Desastres (CENEPRED), Glosario de Términos, Peru
- [53] DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- [54] DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- [55] DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- [56] NHS Cyber security glossary
- [57] USTAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)
- [58] Glossário, Centro Nacional de Cibersegurança, Portugal
- [59] Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- [60] GLOSAR de termeni din domeniul ordinii şi siguranţei publice, Ministerul Administraţiei şi Internelor, Direcţia Generală Organizare, Planificare Misiuni şi Resurse
- [61] Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică
- [62] ЗАКОН О ИНФОРМАЦИОНОЈ БЕЗБЕДНОСТИ (Law on Information Security), Serbia
- [63] Foresight: A Glossary, Civil Service College, Singapore
- [64] CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, Ministerio de Defensa (2010)
- [65] CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, Ministerio de Defensa (2010)
- [66] Leitfaden Schutz kritischer Infrastrukturen 2015, pointing at ISO 31000
- [67] Guide pour la protection des infrastructures critiques 2015 / Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
- [68] Abu Dhabi Safety and Security Planning Manual
- [69] Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- [70] Cabinet Office, Section A: Introduction, Definitions and Principles of Infrastructure Resilience (n.d.)
- [71] The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
- [72] DHS Risk Lexicon 2010 Edition, September 2010
- [73] NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- [74] Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
- [75] Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 11, 2017)
- [76] IETF RFC 4949, Internet Security Glossary, Version 2
- [77] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- [78] ISO 31000:2009, Risk management -- Principles and guidelines
- [79] ISO 22301:2012, Societal security -- Business continuity management systems -- Requirements
- [80] ISO Guide 73:2009, Risk management -- Vocabulary
- [81] Cybersecurity Woordenboek 2021