Difference between revisions of "Residual Risk"
(→ISO/IEC 27000:2014 and ISO 31000:2009) |
Line 30: | Line 30: | ||
{{definition|The portion of an original [[risk]] or set of risks that remain after [[Countermeasure|countermeasures]] have been applied. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br /> | {{definition|The portion of an original [[risk]] or set of risks that remain after [[Countermeasure|countermeasures]] have been applied. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br /> | ||
==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== | ||
− | {{definition|[[Risk]] remaining after [[Risk Treatment|risk treatment]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>}} | + | {{definition|Residual risk is the [[Risk|risk]] remaining after [[Risk Treatment|risk treatment]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>}} |
<big> | <big> | ||
* Residual risk can contain unidentified risk. | * Residual risk can contain unidentified risk. |
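Review bot: the revised definition at Line 30 prepends "Residual risk is the" to wording the definition template cites to ISO/IEC 27000:2014 and ISO 31000:2009; if the template is meant to present the standards' own text, keep that lead-in outside the cited wording or mark it as editorial rather than as part of the quotation. Separately, the unchanged IETF reference on the preceding line reads "IETF RFC449" while its URL points to rfc4949; it should read "RFC 4949".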
Revision as of 20:33, 26 November 2016
Definitions
European Definitions
ENISA
ENISA uses the ISO definition, see below. [1]
Other International Definitions
UNISDR
The risk that remains in unmanaged form, even when effective disaster risk reduction measures are in place, and for which emergency response and recovery capacities must be maintained. [2]
According to UNISDR, the presence of residual risk implies a continuing need to develop and support effective capacities for emergency services, preparedness, response and recovery, together with socio-economic policies such as safety nets and risk transfer mechanisms.
National Definitions
Canada
Risk that remains after implementing risk mitigation measures.
French text: Risk that remains after the application of risk mitigation measures. [3]
Czech Republic
Czech text: Residual risk: the risk that remains even after the application of the relevant measures. [4]
Residual risk is the risk remaining even after the application of the appropriate measures. [5]
Japan
Switzerland
German text: Residual risk denotes the risk that still remains after all planned security measures have been implemented. [7]
French text: "Residual risk" means the risk that remains once all the planned security measures have been put in place. [8]
Italian text: It is the risk that remains after the adoption of all the planned security measures. [9]
United States
Standard Definition
IETF
The portion of an original risk or set of risks that remain after countermeasures have been applied. [11]
ISO/IEC 27000:2014 and ISO 31000:2009
Residual risk is the risk remaining after risk treatment. [12] [13]
- Residual risk can contain unidentified risk.
- Residual risk can also be known as “retained risk”.
See also
Notes
- ↑ ENISA Risk Glossary
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ Vocabulaire de la gestion des urgences / Emergency Management Vocabulary 281 (2012)
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ RFC2828 (Japanese translation)
- ↑ Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
- ↑ Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
- ↑ Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ IETF RFC 4949, Internet Security Glossary, Version 2
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines