Risk

From CIPedia
Revision as of 00:31, 29 November 2016 by Eluiijf (talk | contribs) (National Definitions)
Jump to navigation Jump to search

Definitions

European Definitions

EU

The possibility of loss, damage or injury having regard to the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and the likelihood that a specific vulnerability will be exploited by a particular threat. [1]


The probability of adverse effects caused by a hazardous phenomenon or substance in an organism, a population, or an ecological system. [2]


European Commission

Risk means any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems. [3]


ENISA

Risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization (derived from ISO/IEC PDTR 13335-1). [4]



International Definitions

CARICOM

The combination of the probability of an event and its negative consequences. [5]


NATO CEP / EAPC

The possibility of loss, damage or injury. [6]

The level of risk is a condition of two factors: (1) the value placed on the asset by its owner/operator and the impact of loss or change to the asset, and (2) the likelihood that a specific vulnerability will be exploited by a particular threat.

UNISDR

The combination of the probability of an event and its negative consequences. [7]


Intergovernmental Panel on Climate Change (IPCC)

The potential for consequences where something of value is at stake and where the outcome is uncertain, recognizing the diversity of values. Risk is often represented as probability of occurrence of hazardous events multiplied by the impacts if these events or trends occur. Risk results from the interaction of vulnerability, exposure, and hazard. [8]

National Definitions

National Definitions

Australia

The chance of something happening that will have an impact on objectives. It is measured in terms if likelihood and consequence. [9]

[10] provides three other Australian definitions of risk.

Austria

Risiko: alle mit vernünftigem Aufwand feststellbaren Umstände oder Ereignisse, die potenziell nachteilige Auswirkungen auf die Sicherheit von Netz- und Informationssystemen haben. [11]



Belgium

Risico: elke redelijkerwijs vast te stellen omstandigheid of gebeurtenis met een mogelijk schadelijk effect op de beveiliging van netwerk- en informatiesystemen. [12]


Risque: toute circonstance ou tout événement raisonnablement identifiable ayant un impact négatif potentiel sur la sécurité des réseaux et des systèmes d'information;. [13]



Bulgaria

ǸǰǹDz“ ǶǯǵǨǿǨǪǨ ǸǨǯǻǴǵǶ ǻǹǺǨǵǶǪǰǴǶ ǶǩǹǺǶȇǺǭdzǹǺǪǶ ǰdzǰ ǹȂǩǰǺǰǭ, DzǶǭǺǶ ǴǶǮǭ ǬǨ ǰǴǨ ǵǭǩdzǨǫǶǷǸǰȇǺǵǶ ǪȂǯǬǭDZǹǺǪǰǭ ǪȂǸǽǻ ǹǰǫǻǸǵǶǹǺǺǨ ǵǨ ǴǸǭǮǰǺǭ ǰ ǰǵǼǶǸǴǨǾǰǶǵǵǰǺǭ ǹǰǹǺǭǴǰ. [14]



Brazil

Risco: efeito da incerteza nos objetivos. [15]
Risk is the uncertainty effect on goals.


Canada

Risk is the combination of the likelihood and the consequence of a specified hazard being realized.

Combinaison de la possibilité qu’un aléa donné se produise et des conséquences potentielles pouvant y être associées. [16] [17]

Risk refers to the vulnerability, proximity or exposure to hazards, which affects the likelihood of adverse impact.

Croatia

Rizik: znaĀi bilo koja razumno prepoznatljiva okolnost ili događaj koji ima potencijalan negativni uĀinak na sigurnost mrežnih i informacijskih sustava. [18]



Czech Republic

Riziko: (1) Nebezpečí, možnost škody, ztráty, nezdaru. (2) Účinek nejistoty na dosažení cílů. (3) Možnost, že určitá hrozba využije zranitelnosti aktiva nebo skupiny aktiv a způsobí organizaci škodu. [19]

Risk is either defined as: (1) Danger, possibility of damage, loss, failure. (2) Effect of uncertainty to achieve objectives. (3) Possibility that a certain threat would utilize vulnerability of an asset or group of assets and cause damage to an organization. [20]


Rizikem: jakákoli v pňimĎňenĎ rozpoznatelná okolnost nebo událost, která by mohla mít negativní dopad na bezpeĀnost sítí a informaĀních systémů. [21]



Denmark

Risiko: enhver rimeligt identificerbar omstændighed eller begivenhed, der har en potentiel negativ indvirkning på sikkerheden i net- og informationssystemer. [22]



Estonia

Risk: mõistlikult tuvastatav asjaolu või sündmus, mis võib kahjustada võrgu- ja infosüsteemide turvalisust;. [23]<



Finland

Riski: kielteisen seikan tai tapahtuman todennäköisyyden ja vaikutusten yhdistelmä.

Risk is the combination of probability and consequences of a negative circumstance or event. -unofficial translation- [24]


Riskillä: mitä tahansa kohtuullisesti tunnistettavissa olevaa tilannetta tai tapahtumaa, joka saattaa vaikuttaa haitallisesti verkko- ja tietojärjestelmien turvallisuuteen. [25]



France

Risque: toute circonstance ou tout événement raisonnablement identifiable ayant un impact négatif potentiel sur la sécurité des réseaux et des systèmes d'information;. [26]



Germany

Likelihood of a serious danger which (a) constitutes a threat to human life, (b) will impair the health of a large number of people, or (c) affects economic activity, public services and technical infrastructures and may cause damage to the environment, in particular animals and plants, the soil, the water, the atmosphere and cultural and material assets. [27]


Risiko: alle mit vernünftigem Aufwand feststellbaren Umstände oder Ereignisse, die potenziell nachteilige Auswirkungen auf die Sicherheit von Netz- und Informationssystemen haben. [28]



Greece

Κίνδυνος νοείται η πιθανότητα εκδήλωσης ενός φυσικού φαινομένου ή τεχνολογικού συμβάντος ή και λοιπών καταστροφών σε συνδυασμό με την ένταση των καταστροφών, που μπορεί να προκληθούν στους πολίτες, στα αγαθά, στις πλουτοπαραγωγικές πηγές και στις υποδομές μιας περιοχής.

(Risk is the combination of the occurrence likelihood of a natural hazard or a technological event or other disasters and the severity of the damages that can be caused to citizens, to assets, to productive sources and to infrastructures of a region) [29]


Κίνδυνος: κάθε εύλογα διαπιστώσιμη περίσταση ή γεγονός με δυνητική δυσμενή επίπτωση στην ασφάλεια συστημάτων δικτύου και πληροφοριών. [30]]



Hungary

Kockázat: minden olyan észszerűen azonosítható körülmény vagy esemény, amely kedvezőtlen hatást gyakorolhat a hálózati és információs rendszerek biztonságára. [31]



India

Risk is the potential of damage to a system or associated assets that exists as a result of the combination of security threat and vulnerability. [32]


Ireland

Risk is the combination of the likelihood of a hazardous event and its potential impact. [33]


Risk means any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems. [34]



Italy

Rischio: ogni circostanza o evento ragionevolmente individuabile con potenziali effetti pregiudizievoli per la sicurezza della rete e dei sistemi informativi. [35]



Japan

リスク: 特定の脅威が特定の脆弱性を攻略し、特定の有害な結果をもたらす確率として表明される損失の期待値.

(Cyber) Risk is an expectation of loss expressed as the probability that a articular threat will exploit a particular vulnerability with a articular harmful result. [36]


Latvia

Risks: ir jebkāds racionāli identificĆjams apstāklis vai notikums, kas var nelabvĆlĞgi ietekmĆt tĞklu un informācijas sistĆmu droŐĞbu. [37]



Lithuania

Rizika – pagrĢstai nustatoma aplinkybĊ ar Ģvykis, galintis turĊti neigiamą poveikĢ tinklų ir informacinių sistemų saugumui. [38]



Luxembourg

Risque: toute circonstance ou tout événement raisonnablement identifiable ayant un impact négatif potentiel sur la sécurité des réseaux et des systèmes d'information;. [39]



Malta

Riskju: tfisser kwalunkwe ċirkostanza jew avveniment raġonevolment identifikabbli li jista' jkollu effett negattiv fuq is-sigurtà tan-netwerks u tas-sistemi tal-informazzjoni. [40]



Netherlands

Risk is the annual loss expectancy (ALE) by the manifestation of threats.

Risico is de jaarlijks te verwachten schade door het manifesteren van bedreigingen. [41]


Risico: elke redelijkerwijs vast te stellen omstandigheid of gebeurtenis met een mogelijk schadelijk effect op de beveiliging van netwerk- en informatiesystemen. [42]



Poland

Ryzyko: oznacza każdą dającą się racjonalnie określić okoliczność lub zdarzenie, które ma potencjalny niekorzystny wpływ na bezpieczeństwo sieci i systemów informatycznych. [43]



Portugal

Risco, uma circunstância ou um evento, razoavelmente identificáveis, com um efeito adverso potencial na segurança das redes e dos sistemas de informação. [44]



Republic of Trinidad & Tobago

The combination of the probability of an event and its negative consequences. [45]


Romania

Risc: înseamnă orice circumstanță sau eveniment ce poate fi identificat în mod rezonabil care are un efect potențial negativ asupra securității rețelelor și a sistemelor informatice. [46]



Slovakia

Riziko: je kaŬdá primerane rozpoznateľná okolnosť alebo udalosť, ktorá môŬe mať nepriaznivý vplyv na bezpeĀnosť sietí a informaĀných systémov. [47]



Slovenia

Tveganje: pomeni vsako razumno doloĀljivo okoliŐĀino ali dogodek, ki ima lahko negativen uĀinek na varnost omreŬja in informacijskih sistemov. [48]



Spain

Riesgo: toda circunstancia o hecho razonablemente identificable que tenga un posible efecto adverso en la seguridad de las redes y sistemas de información. [49]



Sweden

Risk: en rimligen identifierbar omständighet eller händelse med en potentiell negativ inverkan på säkerheten i nätverks- och informationssystem. [50]



Switzerland

Das Risiko ist ein Mass für die Grösse einer Gefährdung und beinhaltet die Eintrittswahrscheinlichkeit und das Schadensausmass eines unerwünschten Ereignisses. [51]

Le « risque » permet de déterminer l’étendue d’une mise en danger et englobe la fréquence ou probabilité et l’ampleur des dommages d’un [[Incident}événement]] indésirable. [52]

Il rischio è un metro di misura per le dimensioni di una minaccia e implica la frequenza o la probabilità d’insorgenza e l'entità dei danni di un evento indesiderato. [53]

Der Begriff Risiko dient beim Schutz kritischer Infrastrukturen als Modell sowohl zur Beurteilung von Sicherheitsfragen als auch zum Vergleich verschiedener Gefährdungen anhand gleicher Kriterien. Das Risikomodell beruht grundsätzlich auf zwei Faktoren:

  • Eintrittswahrscheinlichkeit eines Ereignisses;
  • Schadensausmass an Bevölkerung und deren Lebensgrundlagen.

Risiken lassen sich demzufolge als Produkt darstellen, das durch die Eintrittswahrscheinlichkeit eines Ereignisses und dessen Schadensausmasses bestimmt ist.

Turkey

Risk: Tehditlerin bir veya birden çok bilgi varlığındaki açıklığı kullanarak zarar yaratma potansiyelini [54]


United Kingdom (UK)

(cyber) Risk is the potential that a given cyber threat will exploit the vulnerabilities of an information system and cause harm. [55]


Risk is a measure of the significance of a potential emergency in terms of its assessed likelihood and impact. [56]


Risk combines the chance that an event will occur with how large its impact could be, in social, economic or environmental terms. [57]

For example: the costs of damage, number of people affected or areas of land affected by a specific climate effect.

Risk means any reasonably identifiable circumstance or event having a potential adverse effect on the security of network and information systems. [58]



United States

DHS
The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. [59]
NIST
The level of impact on organizational operations (including mission,functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. [60]


Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. [61]



Standard Definitions

IETF

An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. [62]


ISO/IEC 27000:2014

Effect of uncertainty on objectives. [63] (based on the ISO Guide 73:2009[64])

  • An effect is a deviation from the expected — positive or negative.
  • Uncertainty is the state, even partial, of deficiency of information related to, understanding or * knowledge of, an event (2.25), its consequence, or likelihood.
  • Risk is often characterized by reference to potential events and consequences, or a combination of these.
  • Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
  • In the context of information security management systems, information security risks can be expressed as effect of uncertainty on information security objectives.
  • Information security risk is associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets and thereby cause harm to an organization.


ISO/IEC 31000:2009

Effect of uncertainty on objectives. [65]


Other Definitions

Ontario (Canada)

Risk is the product of the probability of the occurrence of a hazard and its consequences. [66]


Risque: produit de la probabilité qu’un danger se produise et de ses conséquences. [66]


See also

Notes

  1. EC COM(2006) 787 final, Directive of the Council on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection, EC, Brussels 12.12.2006.
  2. European Commission's CBRN Glossary, 2012
  3. DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
  4. ENISA Risk Glossary
  5. Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
  6. NATO EAPC(SCEPC) lexicon 2003.
  7. 2009 UNISDR Terminology on Disaster Risk Reduction, United Nations International Strategy for Disaster Reduction (UNISDR), Geneva, Switzerland, May 2009.
  8. Mach, K.J., S. Planton and C. von Stechow (eds.). Climate Change 2014: Synthesis Report. Contribution of Working Groups I, II and III to the Fifth Assessment Report of the Intergovernmental Panel on Climate Change. Annex II: Glossary. [Core Writing Team, R.K. Pachauri and L.A. Meyer (eds.)]. IPCC, Geneva, Switzerland, pp. 117-130.
  9. Glossary of the Government of Queensland
  10. Australian Emergency Management Glossary, Emergency Management Australia (1998)
  11. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DE
  12. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - NL
  13. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
  14. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - BG
  15. GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO Versão 01 (Nov. 2010)
  16. An Emergency Management Framework for Canada (Second Edition)
  17. Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
  18. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - HR
  19. Výkladový slovník kybernetické bezpečnosti (2013)
  20. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  21. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - CS
  22. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DA
  23. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - ET
  24. Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
  25. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FI
  26. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
  27. Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
  28. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - DE
  29. General Civil Protection Plan "Xenocrates"(Γενικό σχέδιο Πολιτικής Προστασίας "Ξενοκράτης")
  30. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union – EL
  31. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - HU
  32. India's DGQA Cyber Security Policy (2015)
  33. A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
  34. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
  35. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - IT
  36. RFC2828 (Japanese translation)
  37. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - LV
  38. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - LT
  39. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - FR
  40. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - MT
  41. Zakboekje Preventie Cybercrime (2008)
  42. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - NL
  43. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - PL
  44. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - PT
  45. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
  46. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - RO
  47. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SK
  48. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SL
  49. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - ES
  50. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union - SV
  51. Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
  52. Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
  53. Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
  54. 2016-2019 UlUSAL SİBER GÜVENLİk STRATEJİSİ (National Cyber Security Strategy 2016-2019, Sept. 2016)
  55. National Cyber Security Strategy 2016, HM Government
  56. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
  57. The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
  58. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
  59. DHS Risk Lexicon 2010 Edition, September 2010
  60. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013/FIPS 200
  61. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013) / FIPS 200
  62. IETF RFC449 Internet Security Glossary 2
  63. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  64. ISO Guide 73:2009 Risk management -- Vocabulary
  65. ISO/IEC 31000:2009, Risk management -- Principles and guidelines
  66. 66.0 66.1 Province of Ontario’s Emergency Management Glossary of Terms
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Risk&oldid=6119"