Difference between revisions of "Residual Risk"
Jump to navigation
Jump to search
| Line 23: | Line 23: | ||
===Standard Definition=== | ===Standard Definition=== | ||
| + | ====[[IETF]]==== | ||
| + | {{definition|The portion of an original [[risk]] or set of risks that remain after [[Countermeasure|countermeasures]] have been applied. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br /> | ||
==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ||
{{definition|[[Risk]] remaining after [[Risk Treatment|risk treatment]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>}} | {{definition|[[Risk]] remaining after [[Risk Treatment|risk treatment]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>}} | ||
| Line 40: | Line 42: | ||
[[Category:Risk]] | [[Category:Risk]] | ||
| − | {{#set:defined by=ENISA|defined by=UNISDR|defined by=Canada|defined by=Czech Republic|defined by=Japan|defined by=United States|defined by=ISO}} | + | {{#set:defined by=ENISA|defined by=UNISDR|defined by=Canada|defined by=Czech Republic|defined by=Japan|defined by=United States|defined by=ISO|defined by=IETF}} |
Revision as of 17:34, 7 February 2016
Contents
Definitions
European Definitions
ENISA
ENISA uses the ISO definition, see below. [1]
Other International Definitions
UNISDR
The risk that remains in unmanaged form, even when effective disaster risk reduction measures are in place, and for which emergency response and recovery capacities must be maintained. [2]
According to UNISDR, the presence of residual risk implies a continuing need to develop and support effective capacities for emergency services, preparedness,response and recovery together with socio-economic policies such as safety nets and risk transfer mechanisms.
National Definitions
Canada
Risk that remains after implementing risk mitigation measures.
Risque qui subsiste après l’application de mesures d’atténuation du risque. [3]
Risque qui subsiste après l’application de mesures d’atténuation du risque. [3]
Czech Republic
Zbytkové riziko: Riziko, které zůstává i po aplikaci příslušných opatření. [4]
Residual risk is the risk remaining even after an application of the appropriate measures. [5]
Residual risk is the risk remaining even after an application of the appropriate measures. [5]
Japan
United States
Standard Definition
IETF
The portion of an original risk or set of risks that remain after countermeasures have been applied. [8]
ISO/IEC 27000:2014 and ISO 31000:2009
- Residual risk can contain unidentified risk.
- Residual risk can also be known as “retained risk”.
See also
Notes
- ↑ ENISA Risk Glossary
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
