Difference between revisions of "Risk"
(→NATO CEP / EAPC) |
|||
Line 9: | Line 9: | ||
=== International Definitions === | === International Definitions === | ||
==== NATO CEP / EAPC ==== | ==== NATO CEP / EAPC ==== | ||
− | {{definition|The possibility of loss, damage or injury. <ref> | + | {{definition|The possibility of loss, damage or injury. <ref>NATO EAPC(SCEPC) lexicon 2003.</ref>.}} |
<big>The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.</big> | <big>The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.</big> | ||
<br /> | <br /> | ||
+ | |||
==== UNISDR ==== | ==== UNISDR ==== | ||
{{definition|The combination of the probability of an [[event]] and its negative [[consequence|consequences]] <ref>[http://www.unisdr.org/we/inform/terminology 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.]</ref>.}} | {{definition|The combination of the probability of an [[event]] and its negative [[consequence|consequences]] <ref>[http://www.unisdr.org/we/inform/terminology 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.]</ref>.}} |
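Review bot: the added NATO CEP / EAPC definition line keeps a full stop before `<ref>` and adds another after `</ref>`, so the sentence is terminated twice around the footnote marker. Drop the one before `<ref>` so the entry matches the UNISDR definition in the same hunk, which has only the trailing full stop after `</ref>`. The new citation text "NATO EAPC(SCEPC) lexicon 2003." is also bare, whereas the UNISDR reference carries a link; add a document reference or URL if one exists so the definition can be checked against its source.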
Revision as of 18:12, 17 September 2014
Definitions
European Definitions
The possibility of loss, damage or injury having regard to the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and the likelihood that a specific vulnerability will be exploited by a particular threat.[1]
The probability of adverse effects caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system [2].
Other International Definitions
International Definitions
NATO CEP / EAPC
The possibility of loss, damage or injury [3].
The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.
UNISDR
The combination of the probability of an event and its negative consequences [4].
National Definitions
USA
The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences [5].
Standard Definition
ISO/IEC 27000:2014
- An effect is a deviation from the expected — positive or negative.
- Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event (2.25), its consequence, or likelihood.
- Risk is often characterized by reference to potential events and consequences, or a combination of these.
- Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
- In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
- Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.
ISO/IEC 31000:2009
Effect of uncertainty on objectives [8].
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ European Commission's CBRN Glossary, 2012
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines