Risk

From CIPedia
Revision as of 18:45, 21 February 2015 by Eluiijf (talk | contribs) (Standard Definition)
Jump to navigation Jump to search

Definitions

European Definitions

The possibility of loss, damage or injury having regard to the value placed on the asset by its owner/operator and the Impsct of loss or change to the asset, and the likelihood that a specific vulnerability will be exploited by a particular threat.[1]
The probability of adverse effects caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system [2].


International Definitions

NATO CEP / EAPC

The possibility of loss, damage or injury. [3].

The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.

UNISDR

The combination of the probability of an event and its negative consequences [4].


National Definitions

Germany

Likelihood of a serious danger which (a) constitutes a threat to human life, (b) will impair the health of a large number of people, or (c) affects economic activity, public services and technical infrastructures and may cause damage to the environment, in particular animals and plants, the soil, the water, the atmosphere and cultural and material assets. [5].


USA

The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences [6].


Standard Definitions

ISO/IEC 27000:2014

Effect of uncertainty on objectives [7](based on the ISO Guide 73:2009[8]).

  • An effect is a deviation from the expected — positive or negative.
  • Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its consequence, or likelihood.
  • Risk is often characterized by reference to potential events and consequences, or a combination of these.
  • Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
  • In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
  • Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.

ISO/IEC 31000:2009

Effect of uncertainty on objectives [9].

See also

Notes

  1. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
  2. European Commission's CBRN Glossary, 2012
  3. NATO EAPC(SCEPC) lexicon 2003.
  4. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
  5. http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
  6. DHS Risk Lexicon 2010 Edition, September 2010
  7. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  8. ISO Guide 73:2009 Risk management -- Vocabulary
  9. ISO/IEC 31000:2009, Risk management -- Principles and guidelines
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Risk&oldid=2060"