Risk
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 European Project Definitions
- 1.3 International Definitions
- 1.4 National Definitions
- 1.4.1 Argentina
- 1.4.2 Australia
- 1.4.3 Austria
- 1.4.4 Belgium
- 1.4.5 Bosnia and Herzegovina
- 1.4.6 Brazil
- 1.4.7 Bulgaria
- 1.4.8 Burkina-Faso
- 1.4.9 Canada
- 1.4.10 Cape Verde
- 1.4.11 Croatia
- 1.4.12 Cyprus
- 1.4.13 Czech Republic
- 1.4.14 Denmark
- 1.4.15 Estonia
- 1.4.16 Finland
- 1.4.17 France
- 1.4.18 Germany
- 1.4.19 Greece
- 1.4.20 Guatemala
- 1.4.21 Hungary
- 1.4.22 India
- 1.4.23 Ireland
- 1.4.24 Italy
- 1.4.25 Japan
- 1.4.26 Latvia
- 1.4.27 Lithuania
- 1.4.28 Luxembourg
- 1.4.29 Malta
- 1.4.30 Mexico
- 1.4.31 Netherlands
- 1.4.32 Norway
- 1.4.33 Oman
- 1.4.34 Poland
- 1.4.35 Portugal
- 1.4.36 Republic of Trinidad & Tobago
- 1.4.37 Romania
- 1.4.38 Slovakia
- 1.4.39 Slovenia
- 1.4.40 Spain
- 1.4.41 Sweden
- 1.4.42 Switzerland
- 1.4.43 Turkey
- 1.4.44 United Kingdom (UK)
- 1.4.45 United States
- 1.5 Standard Definitions
- 1.6 Other Definitions
- 2 See also
- 3 Notes
Definitions
European Definitions
EU
European Commission
ENISA
CLIMATE-ADAPT
Comment: This definition closely follows the definition of the ISO/IEC Guide 73. The word "risk" has two distinctive connotations: in popular usage the emphasis is usually placed on the concept of chance or possibility, such as in "the risk of an accident"; whereas in technical settings the emphasis is usually placed on the consequences, in terms of "potential losses" for some particular cause, place and period. It can be noted that people do not necessarily share the same perceptions of the significance and underlying causes of different risks.
defined by=EU|
European Project Definitions
CIPRNet project
The CIPRNet project [7] uses the following definition:
International Definitions
CARICOM
IAEA
Risk is measured in terms of a combination of the [likelihood]] of an event and the severity of its consequences.
NATO CEP / EAPC
The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.
UNISDR
Intergovernmental Panel on Climate Change (IPCC)
National Definitions
Argentina
Australia
[22] provides three other Australian definitions of risk.
Austria
Belgium
Bosnia and Herzegovina
Brazil
Risk is the uncertainty effect on goals.
Bulgaria
Burkina-Faso
Canada
Combinaison de la possibilité qu’un aléa donné se produise et des conséquences potentielles pouvant y être associées. [30] [31]
Risk refers to the vulnerability, proximity or exposure to hazards, which affects the likelihood of adverse impact.
Cape Verde
O risco é o resultado do impacto específico de um perigo nas condições pré-existentes de vulnerabilidade. A palavra risco tem duas conotações distintas: no uso popular, a ênfase é geralmente colocada sobre o conceito de oportunidade ou possibilidade, como em “o risco de um acidente”; enquanto em configurações técnicas a ênfase é geralmente colocada sobre as consequências, em termos de “perdas potenciais” para alguma causa, local e período particular. Pode-se notar que as pessoas não necessariamente compartilham as mesmas percepções sobre o significado e as causas subjacentes a diferentes riscos.
Croatia
Cyprus
Czech Republic
Risk is either defined as: (1) Danger, possibility of damage, loss, failure. (2) Effect of uncertainty to achieve objectives. (3) Possibility that a certain threat would utilize vulnerability of an asset or group of assets and cause damage to an organization. [36]
Denmark
Estonia
Finland
Risk is the combination of probability and consequences of a negative circumstance or event. -unofficial translation- [40]
France
Germany
Greece
(Risk is the combination of the occurrence likelihood of a natural hazard or a technological event or other disasters and the severity of the damages that can be caused to citizens, to assets, to productive sources and to infrastructures of a region) [47]
Guatemala
Hungary
India
Ireland
Italy
Minacce, vulnerabilità ed impatto costituiscono, quindi, le variabili principali in funzione delle quali viene valutata l’esistenza di un rischio ed il relativo livello ai fini della sua gestione, ossia dell’adozione delle necessarie contromisure (tanto preventive che reattive).
Japan
(Cyber) Risk is an expectation of loss expressed as the probability that a articular threat will exploit a particular vulnerability with a articular harmful result. [57]
Latvia
Lithuania
Luxembourg
Malta
Mexico
Netherlands
Risico is de jaarlijks te verwachten schade door het manifesteren van bedreigingen. [63]
Norway
Risk is always about what might happen in the future, and therefore there is always a degree of uncertainty associated with it. The uncertainty is related to whether a specific adverse event will occur and to the consequences the event will have. [67]
Oman
Risk establishes the likelihood of a successful attack.
Poland
Portugal
Republic of Trinidad & Tobago
Romania
Slovakia
Slovenia
Spain
Sweden
Switzerland
Le « risque » permet de déterminer l’étendue d’une mise en danger et englobe la fréquence ou probabilité et l’ampleur des dommages d’un [[Incident}événement]] indésirable. [79]
Il rischio è un metro di misura per le dimensioni di una minaccia e implica la frequenza o la probabilità d’insorgenza e l'entità dei danni di un evento indesiderato. [80]
Der Begriff Risiko dient beim Schutz kritischer Infrastrukturen als Modell sowohl zur Beurteilung von Sicherheitsfragen als auch zum Vergleich verschiedener Gefährdungen anhand gleicher Kriterien. Das Risikomodell beruht grundsätzlich auf zwei Faktoren:
- Eintrittswahrscheinlichkeit eines Ereignisses;
- Schadensausmass an Bevölkerung und deren Lebensgrundlagen.
Risiken lassen sich demzufolge als Produkt darstellen, das durch die Eintrittswahrscheinlichkeit eines Ereignisses und dessen Schadensausmasses bestimmt ist.
Turkey
United Kingdom (UK)
For example: the costs of damage, number of people affected or areas of land affected by a specific climate effect.
United States
DHS
NIST
Standard Definitions
IETF
ISO/IEC 27000:2014
- An effect is a deviation from the expected — positive or negative.
- Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its consequence, or likelihood.
- Risk is often characterized by reference to potential events and consequences, or a combination of these.
- Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
- In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
- Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.
ISO/IEC 31000:2009
Other Definitions
EM-DAT
Ontario (Canada)
See also
Notes
- ↑ EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
- ↑ European Commission's CBRN Glossary, 2012
- ↑ DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
- ↑ ENISA Risk Glossary
- ↑ European Climate Adaptation Platform (CLIMATE-ADAPT) Glossary
- ↑ http://www.ciprnet.eu/
- ↑ Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
- ↑ IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary in Bahasa
- ↑ UNISDR glossary in Tagalog
- ↑ UNISDR glossary in Tagalog
- ↑ Mach, K.J., S. Planton and C. von Stechow (eds.). Climate Change 2014: Synthesis Report. Contribution of Working Groups I, II and III to the Fifth Assessment Report of the Intergovernmental Panel on Climate Change. Annex II: Glossary. [Core Writing Team, R.K. Pachauri and L.A. Meyer (eds.)]. IPCC, Geneva, Switzerland, pp. 117-130.
- ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- ↑ Glossary of the Government of Queensland
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DE
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - NL
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
- ↑ RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
- ↑ GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - BG
- ↑ CIRT-BF Glossary
- ↑ An Emergency Management Framework for Canada (Second Edition)
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - HR
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union – EL
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - CS
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DA
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - ET
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FI
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
- ↑ Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DE
- ↑ Glossar BBK
- ↑ BSI Glossary
- ↑ General Civil Protection Plan "Xenocrates"(Γενικό σχέδιο Πολιτικής Προστασίας "Ξενοκράτης")
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union – EL
- ↑ Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - HU
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - IT
- ↑ IL LINGUAGGIO DEGLI ORGANISMI INFORMATIVI Glossario (2013)
- ↑ Dipartimento della Protezione Civile Glossario
- ↑ RFC2828 (Japanese translation)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - LV
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - LT
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - MT
- ↑ GUÍA PARA LA PRESENTACIÓN DEL ESTUDIO DE RIESGO MODALIDAD ANALISIS DE RIESGO, Mexico
- ↑ Zakboekje Preventie Cybercrime (2008)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - NL
- ↑ Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015
- ↑ DSB, National Risikobild 2014
- ↑ DSB, National Risk Analysis 2014
- ↑ Oman CERT Glossary
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - PL
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - PT
- ↑ Decisão do Conselho n.º 2013/488/EU, de 23 de setembro de 2013, relativa às regras de segurança aplicáveis à proteção das informações classificadas da UE
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - RO
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SK
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SL
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - ES
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SV
- ↑ Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
- ↑ Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
- ↑ Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
- ↑ 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (National Cyber Security Strategy 2016-2019, Sept. 2016)
- ↑ National Cyber Security Strategy 2016, HM Government
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
- ↑ Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013) / FIPS 200
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ ISO 22301:2012 Societal security -- Business continuity management systems --- Requirements
- ↑ EM-DAT disaster database glossary
- ↑ 95.0 95.1 Province of Ontario’s Emergency Management Glossary of Terms