Difference between revisions of "Risk Identification"
Jump to navigation
Jump to search
(→Standard Definition) |
(→ISO/IEC 27000:2014) |
||
Line 10: | Line 10: | ||
===Standard Definition=== | ===Standard Definition=== | ||
− | ==== ISO/IEC 27000:2014 ==== | + | ==== ISO/IEC 27000:2014 and ISO 31000:2009 ==== |
<big>The standard defines risk assessment as</big> | <big>The standard defines risk assessment as</big> | ||
− | {{definition|the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} | + | {{definition|the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> and <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>.}}(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} |
<big> | <big> | ||
* Risk identification involves the identification of risk sources, events, their causes and their potential consequences. | * Risk identification involves the identification of risk sources, events, their causes and their potential consequences. |
Revision as of 23:58, 14 July 2014
Contents
Definitions
European Definitions
Other International Definitions
National Definitions
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
The standard defines risk assessment as
(based on the ISO Guide 73:2009[3]).}}
- Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
- Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.
See also