Difference between revisions of "Risk"
Jump to navigation
Jump to search
(→Definitions) |
|||
| Line 1: | Line 1: | ||
==Definitions== | ==Definitions== | ||
=== European Definitions === | === European Definitions === | ||
| − | The probability of adverse [[effect|effects]] caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>. | + | {{definition|The probability of adverse [[effect|effects]] caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>.}} |
=== Other International Definitions === | === Other International Definitions === | ||
==== UNISDR ==== | ==== UNISDR ==== | ||
| − | The combination of the probability of an [[event]] and its negative [[consequence|consequences]] <ref>[http://www.unisdr.org/we/inform/terminology 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.]</ref>. | + | {{definition|The combination of the probability of an [[event]] and its negative [[consequence|consequences]] <ref>[http://www.unisdr.org/we/inform/terminology 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.]</ref>.}} |
=== National Definitions === | === National Definitions === | ||
<!--Test test test.--> | <!--Test test test.--> | ||
==== USA ==== | ==== USA ==== | ||
| − | The potential for an unwanted outcome resulting from an [[incident]], [[event]], or occurrence, as determined by its [[likelihood]] and the associated [[consequence|consequences]] <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>. | + | {{definition|{{definition|The potential for an unwanted outcome resulting from an [[incident]], [[event]], or occurrence, as determined by its [[likelihood]] and the associated [[consequence|consequences]] <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>.}} |
===Standard Definition=== | ===Standard Definition=== | ||
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
| − | Effect of uncertainty on objectives <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). | + | {{definition|Effect of uncertainty on objectives <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} |
| − | * An effect is a deviation from the expected — positive or negative. | + | <big>* An effect is a deviation from the expected — positive or negative. |
* Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its [[consequence]], or [[likelihood]]. | * Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its [[consequence]], or [[likelihood]]. | ||
* Risk is often characterized by reference to potential [[event|events]] and [[consequence|consequences]], or a combination of these. | * Risk is often characterized by reference to potential [[event|events]] and [[consequence|consequences]], or a combination of these. | ||
* Risk is often expressed in terms of a combination of the [[consequence|consequences]] of an [[event]] (including changes in circumstances) and the associated [[likelihood]] of occurrence. | * Risk is often expressed in terms of a combination of the [[consequence|consequences]] of an [[event]] (including changes in circumstances) and the associated [[likelihood]] of occurrence. | ||
* In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives. | * In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives. | ||
| − | * [[Information Security|Information security]] risk is associated with the potential that [[threat|threats]] will exploit [[vulnerability|vulnerabilities]] of an information [[asset]] or group of information assets and thereby cause [[harm]] to an organization. | + | * [[Information Security|Information security]] risk is associated with the potential that [[threat|threats]] will exploit [[vulnerability|vulnerabilities]] of an information [[asset]] or group of information assets and thereby cause [[harm]] to an organization.</big> |
==See also== | ==See also== | ||
Revision as of 11:45, 17 June 2014
Contents
Definitions
European Definitions
The probability of adverse effects caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system [1].
Other International Definitions
UNISDR
National Definitions
USA
{{definition|
The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences [3].
Standard Definition
ISO/IEC 27000:2014
* An effect is a deviation from the expected — positive or negative.
- Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its consequence, or likelihood.
- Risk is often characterized by reference to potential events and consequences, or a combination of these.
- Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
- In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
- Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.
See also
Notes
- ↑ European Commission's CBRN Glossary, 2012
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
