Difference between revisions of "Risk"
(→CARICOM) |
(→Canada) |
||
Line 31: | Line 31: | ||
{{definition|Risco: efeito da incerteza nos objetivos. <ref>[http://www.biblioteca.presidencia.gov.br/publicacoes-oficiais-1/catalogo/orgao-essenciais/gabinete-de-seguranca-institucional/guia-de-referencia-para-seguranca-de-infraestruturas-criticas-da-informacao/at_download/file GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)]</ref><br />Risk is the uncertainty effect on goals.}} <br /> | {{definition|Risco: efeito da incerteza nos objetivos. <ref>[http://www.biblioteca.presidencia.gov.br/publicacoes-oficiais-1/catalogo/orgao-essenciais/gabinete-de-seguranca-institucional/guia-de-referencia-para-seguranca-de-infraestruturas-criticas-da-informacao/at_download/file GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)]</ref><br />Risk is the uncertainty effect on goals.}} <br /> | ||
==== [[Canada]] ==== | ==== [[Canada]] ==== | ||
− | {{definition| Risk is the combination of the likelihood and the consequence of a specified hazard being realized.<br /><br />Combinaison de la possibilité qu’un aléa donné se produise et des conséquences potentielles pouvant y être associées. <ref> [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition) </ref> <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} | + | {{definition| Risk is the combination of the likelihood and the consequence of a specified hazard being realized.<br /><br />Combinaison de la possibilité qu’un aléa donné se produise et des conséquences potentielles pouvant y être associées. <ref>[http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition) ]</ref> <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} |
Risk refers to the vulnerability, proximity or exposure to hazards, which affects the likelihood of adverse impact.<br /> | Risk refers to the vulnerability, proximity or exposure to hazards, which affects the likelihood of adverse impact.<br /> | ||
Revision as of 01:03, 28 September 2016
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 International Definitions
- 1.3 National Definitions
- 1.4 Standard Definitions
- 1.5 Other Definitions
- 2 See also
- 3 Notes
Definitions
European Definitions
EU
ENISA
International Definitions
CARICOM
NATO CEP / EAPC
The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.
UNISDR
National Definitions
Australia
[8] provides three other Australian definitions of risk.
Brazil
Risk is the uncertainty effect on goals.
Canada
Combinaison de la possibilité qu’un aléa donné se produise et des conséquences potentielles pouvant y être associées. [10] [11]
Risk refers to the vulnerability, proximity or exposure to hazards, which affects the likelihood of adverse impact.
Czech Republic
Risk is either defined as: (1) Danger, possibility of damage, loss, failure. (2) Effect of uncertainty to achieve objectives. (3) Possibility that a certain threat would utilize vulnerability of an asset or group of assets and cause damage to an organization. [13]
Finland
Risk is the combination of probability and consequences of a negative circumstance or event. -unofficial translation- [14]
Germany
Greece
(Risk is the combination of the occurrence likelihood of a natural hazard or a technological event or other disasters and the severity of the damages that can be caused to citizens, to assets, to productive sources and to infrastructures of a region) [16]
India
Ireland
Japan
(Cyber) Risk is an expectation of loss expressed as the probability that a articular threat will exploit a particular vulnerability with a articular harmful result. [19]
Netherlands
Risico is de jaarlijks te verwachten schade door het manifesteren van bedreigingen. [20]
Republic of Trinidad & Tobago
Switzerland
Le « risque » permet de déterminer l’étendue d’une mise en danger et englobe la fréquence ou probabilité et l’ampleur des dommages d’un [[Incident}événement]] indésirable. [23]
Il rischio è un metro di misura per le dimensioni di una minaccia e implica la frequenza o la probabilità d’insorgenza e l'entità dei danni di un evento indesiderato. [24]
Der Begriff Risiko dient beim Schutz kritischer Infrastrukturen als Modell sowohl zur Beurteilung von Sicherheitsfragen als auch zum Vergleich verschiedener Gefährdungen anhand gleicher Kriterien. Das Risikomodell beruht grundsätzlich auf zwei Faktoren:
- Eintrittswahrscheinlichkeit eines Ereignisses;
- Schadensausmass an Bevölkerung und deren Lebensgrundlagen.
Risiken lassen sich demzufolge als Produkt darstellen, das durch die Eintrittswahrscheinlichkeit eines Ereignisses und dessen Schadensausmasses bestimmt ist.
Turkey
United Kingdom (UK)
United States
DHS
NIST
Standard Definitions
IETF
ISO/IEC 27000:2014
- An effect is a deviation from the expected — positive or negative.
- Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its consequence, or likelihood.
- Risk is often characterized by reference to potential events and consequences, or a combination of these.
- Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
- In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
- Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.
ISO/IEC 31000:2009
Other Definitions
Ontario (Canada)
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ European Commission's CBRN Glossary, 2012
- ↑ ENISA Risk Glossary
- ↑ Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ Glossary of the Government of Queensland
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
- ↑ An Emergency Management Framework for Canada (Second Edition)
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
- ↑ General Civil Protection Plan "Xenocrates"(Γενικό σχέδιο Πολιτικής Προστασίας "Ξενοκράτης")
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
- ↑ http://www.ipa.go.jp/security/rfc/RFC2828EN.html RFC2828 (Japanese translation)
- ↑ Zakboekje Preventie Cybercrime (2008)
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
- ↑ Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
- ↑ Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
- ↑ 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (National Cyber Security Strategy 2016-2019, Sept. 2016)
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013) / FIPS 200
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ 34.0 34.1 Province of Ontario’s Emergency Management Glossary of Terms