Difference between revisions of "Risk"
Changes in this revision (edit summary: →ISO/IEC 27000:2014), starting at line 24 of the wikitext: the two ISO/IEC 27000:2014 notes on information security risk are unchanged context; the subsection "ISO/IEC 31000:2009" with the definition "Effect of uncertainty on objectives" and its reference (ISO/IEC 31000:2009, Risk management -- Principles and guidelines, http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170) was added immediately before the "See also" section.
Revision as of 23:53, 14 July 2014
Definitions
European Definitions
The possibility of loss, damage or injury having regard to the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and the likelihood that a specific vulnerability will be exploited by a particular threat.[1]
The probability of adverse effects caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system.[2]
Other International Definitions
UNISDR
National Definitions
USA
The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences [4].
Standard Definition
ISO/IEC 27000:2014
Effect of uncertainty on objectives.[5][6]
Notes to the definition:
- An effect is a deviation from the expected — positive or negative.
- Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event (2.25), its consequence, or likelihood.
- Risk is often characterized by reference to potential events and consequences, or a combination of these.
- Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
- In the context of information security management systems, information security risks can be expressed as the effect of uncertainty on information security objectives.
- Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.
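The ISO/IEC 27000 notes above say that risk is a combination of an event's consequence and its likelihood, and that the event of interest for information security is a specific threat exploiting a specific vulnerability of an asset. The following is an added worked example, not code from this wiki page or from any ISO document, that scores a small constructed risk register on exactly that basis. Likelihood is recorded as an interval rather than a point estimate so that the "uncertainty" in the definition shows up as a best-case and worst-case rating, and entries are ranked by worst case. The 1..5 scales, the band thresholds and every register entry are assumptions chosen for illustration.

```python
"""Scoring a constructed risk register.

Added example for this page, not code from the wiki or from any ISO
standard. It applies the definitions above literally: an event is a
specific threat exploiting a specific vulnerability of an asset, and
risk is the combination of the event's consequence and its likelihood.
Likelihood is kept as an interval (low, high) so that the "uncertainty"
in the definition shows up as a best-case / worst-case rating.
The 1..5 scales, band thresholds and register contents are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset: str
    threat: str
    vulnerability: str
    consequence: int       # 1..5: impact of loss of or change to the asset
    likelihood_low: int    # 1..5: lower bound of the estimated likelihood
    likelihood_high: int   # 1..5: upper bound of the estimated likelihood


def rating(consequence: int, likelihood: int) -> str:
    """Map a consequence x likelihood pair (1..5 each) to a qualitative band.

    Thresholds are an assumed 5x5 matrix: 15-25 critical, 8-14 high,
    4-7 moderate, 1-3 low.
    """
    for value in (consequence, likelihood):
        if not 1 <= value <= 5:
            raise ValueError(f"scale value out of range: {value}")
    score = consequence * likelihood
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "moderate"
    return "low"


def assess(scenario: RiskScenario) -> dict:
    """Rate one scenario at both ends of its likelihood interval."""
    if scenario.likelihood_low > scenario.likelihood_high:
        raise ValueError("likelihood interval is inverted")
    low = scenario.consequence * scenario.likelihood_low
    high = scenario.consequence * scenario.likelihood_high
    return {
        "scenario": scenario,
        "score_range": (low, high),
        "best_case": rating(scenario.consequence, scenario.likelihood_low),
        "worst_case": rating(scenario.consequence, scenario.likelihood_high),
    }


def rank(register) -> list:
    """Order assessments by worst-case score, then by consequence.

    Ranking on the worst case means an uncertain but potentially severe
    event is not buried below a well-understood minor one.
    """
    return sorted(
        (assess(s) for s in register),
        key=lambda a: (a["score_range"][1], a["scenario"].consequence),
        reverse=True,
    )


def uncertain_items(register) -> list:
    """Scenarios whose band changes across the likelihood interval.

    These are the entries where reducing uncertainty (more information
    about the threat or the vulnerability) would change the decision.
    """
    return [a for a in rank(register) if a["best_case"] != a["worst_case"]]


# Constructed register for the example; the entries are invented.
SAMPLE_REGISTER = [
    RiskScenario("customer database", "external attacker",
                 "SQL injection in web front end", 5, 3, 5),
    RiskScenario("office printer", "opportunistic insider",
                 "default administrator password", 2, 2, 4),
    RiskScenario("backup tapes", "flood at offsite store",
                 "no second copy held elsewhere", 4, 1, 2),
    RiskScenario("public website", "opportunistic attacker",
                 "outdated CMS plugin", 3, 4, 5),
]


if __name__ == "__main__":
    for a in rank(SAMPLE_REGISTER):
        s = a["scenario"]
        print(f"{s.asset:18} {s.threat} / {s.vulnerability}: "
              f"score {a['score_range'][0]}-{a['score_range'][1]}, "
              f"{a['best_case']} to {a['worst_case']}")
```

Running the block ranks the database first (critical at either end of its interval), then the website, the backup tapes and the printer. The last three change band across their interval; those are the entries on which collecting more information about the threat or the vulnerability would actually change the treatment decision, which is the practical meaning of the "uncertainty" clause in the definition.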
ISO/IEC 31000:2009
Effect of uncertainty on objectives.[7]
See also
Notes
[1] EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels, 12 December 2006.
[2] European Commission CBRN Glossary, 2012.
[3] 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
[4] DHS Risk Lexicon, 2010 Edition, September 2010.
[5] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary.
[6] ISO Guide 73:2009, Risk management -- Vocabulary.
[7] ISO/IEC 31000:2009, Risk management -- Principles and guidelines.