Difference between revisions of "Residual Risk"

From CIPedia
Jump to navigation Jump to search
(Philippines)
Line 37: Line 37:
  
 
==== [[Philippines]] ====
 
==== [[Philippines]] ====
{{definition|Residual Risk: The remaining potential risk after all IT security measures are applied. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/>  
+
{{definition|Residual Risk: The remaining potential risk after all IT security measures are applied. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/>
 +
{{definition|Residual Risk: The level of risk that remains after all efforts to mitigate and eliminate risk have been made.  <ref>[https://digital.nhs.uk/services/data-and-cyber-security-protecting-information-and-data-in-health-and-care/cyber-and-data-security-policy-and-good-practice-in-health-and-care/cyber-and-data-security-resources/cyber-security-glossary NHS Cyber security glossary]</ref>}}<br/><br/>
 +
 
 
====[[Portugal]] ====  
 
====[[Portugal]] ====  
 
{{definition|[Definição]Risco Residual: Risco que permanece após terem sido aplicadas medidas de segurança, dado que não é possível neutralizar todas as ameaças nem eliminar todas as vulnerabilidades.  <ref>[https://www.cncs.gov.pt/recursos/glossario/ Glossário Centro National de Cibersegurança Portugal]</ref>}}<br /><br/>
 
{{definition|[Definição]Risco Residual: Risco que permanece após terem sido aplicadas medidas de segurança, dado que não é possível neutralizar todas as ameaças nem eliminar todas as vulnerabilidades.  <ref>[https://www.cncs.gov.pt/recursos/glossario/ Glossário Centro National de Cibersegurança Portugal]</ref>}}<br /><br/>

Revision as of 23:24, 26 March 2019

Definitions

European Definitions

ENISA

ENISA uses the ISO definition, see below. [1]


Other International Definitions

UNISDR

The risk that remains in unmanaged form, even when effective disaster risk reduction measures are in place, and for which emergency response and recovery capacities must be maintained. [2]

According to UNISDR, the presence of residual risk implies a continuing need to develop and support effective capacities for emergency services, preparedness,response and recovery together with socio-economic policies such as safety nets and risk transfer mechanisms.

Risque résiduel: Les risques qui restent non gérés même si l’efficacité des mesures de réduction des risques de catastrophe est en place, et pour lesquels les interventions d’urgence et les capacités de récupération doivent être maintenues. [3]


Остаточный риск: Риск, который не поддается управлению даже после эффективной реализации мер по снижению риска, для противодействия которому необходимо сохранять потенциал реагирования и восстановления. [4]


Riesgo residual: El riesgo que todavía no se ha gestionado, aún cuando existan medidas eficaces para la reducción del riesgo de desastres y para los cuales se debe mantener las capacidades de respuesta de emergencia y de recuperación. [5]


المخاطر المتبقية : المخاطر التي لم يتم التحكم بها حتى بعد تطبيق الإجراءات الفعالة للحد من مخاطر الكوارث، والتي يجب المحافظة معها على قدرات الاستجابة والتعافي في حالات الطوارئ. [6]


Risiko Residual: Risiko yang tetap ada dalam bentuk yang tidak bisa dikelola, meskipun sudah ada langkahlangkah pengurangan risiko bencana yang efektif, dan yang mengharuskan tetap dijaganya kapasitas respons keadaan darurat dan pemulihan. [7]


Sisa Risiko: Risiko yang tertinggal dalam bentuk yang tidak diuruskan, walaupun tindakan pengurangan risiko bencana dilaksanakan, dan oleh sebab itu, respon kecemasan serta kapasiti pemulihan perlu dikekalkan. [8]


Mga Labing (Tirang) Peligro: Ang nalalabing peligro sa di-napamahalaang anyo (porma), kahit na mayruong mga hakbang sa pagbabawas ng peligro ng kalamidad, ay pagkakalooban pa rin ng pangkagipitang pagtugon at ang mga kakayahan sa pagrekober ay mamantinihin. [9]



National Definitions

Argentina

Riesgo residual: El riesgo que todavía no se ha gestionado, aun cuando existan medidas eficaces para la reducción del riesgo de desastres y para los cuales se debe mantener las capacidades de respuesta de emergencia y de recuperación. [10]




Australia

Residual risk: The remaining level of risk after any risk treatments have been implemented. [11]



Canada

Residual risk: risk that remains after implementing risk mitigation measures.

Risque résiduel: risque qui subsiste après l’application de mesures d’atténuation du risque. [12]



Risque résiduel: risque qui subsiste après la mise en œuvre de mesures de réduction des conséquences et des fréquences d’occurrence des accidents potentiels. [12]



Colombia

Riesgo Residual: Remanente después del Tratamiento del Riesgo. (GTC137 2011). Es aquel que permanece aún después de desarrolladas las acciones de tratamiento del riesgo. [13]

Capacidad total de riesgo que una organización está dispuesta a aceptar, tolerar o asumir en cualquier momento dado.

Czech Republic

Zbytkové riziko: Riziko, které zůstává i po aplikaci příslušných opatření. [14]

Residual risk is the risk remaining even after an application of the appropriate measures. [15]


Japan

残存リスク: 対策が適用された後に残るリスク.

The risk that remains after countermeasures have been applied. [16]



Luxembourg

Risque résiduel: Risque subsistant après le traitement des risques. [17]



Philippines

Residual Risk: The remaining potential risk after all IT security measures are applied. [18]


Residual Risk: The level of risk that remains after all efforts to mitigate and eliminate risk have been made. [19]



Portugal

[Definição]Risco Residual: Risco que permanece após terem sido aplicadas medidas de segurança, dado que não é possível neutralizar todas as ameaças nem eliminar todas as vulnerabilidades. [20]



Switzerland

Restrisiko bezeichnet das Risiko, das nach Realisierung aller vorgesehenen Sicherheitsmassnahmen weiterhin verbleibt. [21]

On entend par « risque résiduel » le risque qui subsiste une fois que toutes les mesures de sécurité prévues ont été mises en oeuvre. [22]

È il rischio che rimane dopo l'adozione di tutte le misure di sicurezza previste. [23]




United States

DHS
Residual risk is risk that remains after risk management measures have been implemented. [24]


NIST
The potential for the occurrence of an adverse event after adjusting for the impact of all in-place safeguards. (from: NIST SP 800-16) [25]


The remaining potential risk after all IT security measures are applied. (from: NIST SP 800-16) [25]

There is a Residual risk associated with each threat.

Standard Definition

IETF

The portion of an original risk or set of risks that remain after countermeasures have been applied. [26]


ISO/IEC 27000:2014 and ISO 31000:2009

Residual risk is the risk remaining after risk treatment. [27] [28]

  • Residual risk can contain unidentified risk.
  • Residual risk can also be known as “retained risk”.

See also

Notes

  1. ENISA Risk Glossary
  2. 2009 UNISDR Terminology on Disaster Risk Reduction
  3. UNISDR glossary
  4. UNISDR glossary
  5. UNISDR glossary
  6. UNISDR glossary
  7. UNISDR glossary in Bahasa
  8. UNISDR glossary in Malay
  9. UNISDR glossary in Tagalog
  10. SUBSECRETARÍA DE PROTECCIÓN CIVIL Y ABORDAJE INTEGRAL DE EMERGENCIAS Y CATÁSTROFES (1/2015)
  11. Protective Security Policy Framework - Glossary Oct 2017
  12. 12.0 12.1 Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012) Cite error: Invalid <ref> tag; name "canada" defined multiple times with different content
  13. Glosario Policia Colombia
  14. Výkladový slovník kybernetické bezpečnosti (2013)
  15. Výkladový slovník kybernetické bezpečnosti (2013)
  16. RFC2828 (Japanese translation)
  17. Glossaire
  18. DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
  19. NHS Cyber security glossary
  20. Glossário Centro National de Cibersegurança Portugal
  21. Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
  22. Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
  23. Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
  24. DHS Risk Lexicon 2010 Edition, September 2010
  25. 25.0 25.1 NIST Glossary
  26. IETF RFC449 Internet Security Glossary 2
  27. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  28. ISO/IEC 31000:2009, Risk management -- Principles and guidelines