Difference between revisions of "Acceptable Risk"

From CIPedia
Line 18: Line 18:
  
 
===Standard Definition===
 
===Standard Definition===
 +
====[[IETF]]====
 +
{{definition|A risk that is understood and tolerated by a system's user, operator, owner, or accreditor, usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss.<ref name="IETFrefs"> [https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br />
  
 
==See also==
 
==See also==
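
Review bot: the reference label in the added IETF definition reads "IETF RFC449", but the link it wraps points to https://tools.ietf.org/html/rfc4949, so the label drops a digit and should read RFC 4949 to match the URL. There is also a stray space between the opening `<ref name="IETFrefs">` tag and the link, which the other text in this hunk gives no reason for; removing it keeps the rendered note clean.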
Line 30: Line 32:
  
 
[[Category:Risk]]
 
[[Category:Risk]]
{{#set:defined by=ENISA|defined by=UNISDR|defined by=Canada|defined by=United States|defined by=Ontario}}
+
{{#set:defined by=ENISA|defined by=UNISDR|defined by=Canada|defined by=United States|defined by=Ontario|defined by=IETF}}

Revision as of 16:13, 7 February 2016

Definitions

European Definitions

ENISA

Acceptable risk is the level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific system. [1]


Other International Definitions

UNISDR

The level of potential losses that a society or community considers acceptable given existing social, economic, political, cultural, technical and environmental conditions. [2]

According to UNISDR, acceptable risk in engineering terms is also used to assess and define the structural and non-structural measures that are needed in order to reduce possible harm to people, property, services and systems to a chosen tolerated level, according to codes or “accepted practice” which are based on known probabilities of hazards and other factors.


National Definitions

Canada

Acceptable risk is the level of potential losses that a society or community considers acceptable given existing social, economic, political, cultural, technical and environmental conditions.

Risque acceptable: niveau de pertes potentielles jugées acceptables par une société ou une collectivité compte tenu de ses conditions sociales, économiques, politiques, culturelles, techniques et environnementales. [3]



United States

Acceptable risk is the level of risk at which, given costs and benefits associated with risk reduction measures, no action is deemed to be warranted at a given point in time. [4]



Standard Definition

IETF

A risk that is understood and tolerated by a system's user, operator, owner, or accreditor, usually because the cost or difficulty of implementing an effective countermeasure for the associated vulnerability exceeds the expectation of loss. [5]


See also

Notes