Difference between revisions of "Risk Analysis"
Jump to navigation
Jump to search
(→Definitions) |
|||
Line 2: | Line 2: | ||
=== European Definitions === | === European Definitions === | ||
==== Council Directive 2008/114/EC ==== | ==== Council Directive 2008/114/EC ==== | ||
− | The consideration of relevant [[threat]] scenarios, in order to assess the [[vulnerability]] and the potential [[impact]] of [[disruption]] or [[destruction]] of [[critical infrastructure]] <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>. | + | {{definition|The consideration of relevant [[threat]] scenarios, in order to assess the [[vulnerability]] and the potential [[impact]] of [[disruption]] or [[destruction]] of [[critical infrastructure]] <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>.}} |
=== Other International Definitions === | === Other International Definitions === | ||
Line 13: | Line 13: | ||
===Standard Definition=== | ===Standard Definition=== | ||
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
− | Process to comprehend the nature of [[risk]] and to determine the level of risk (based on the ISO Guide 73:2009) <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. Level of risk is expressed in terms of the combination of [[consequence|consequences]] and their [[likelihood]]. | + | {{definition|Process to comprehend the nature of [[risk]] and to determine the level of risk (based on the ISO Guide 73:2009) <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. }} |
+ | <big>Level of risk is expressed in terms of the combination of [[consequence|consequences]] and their [[likelihood]]. | ||
* Risk analysis provides the basis for [[Risk Evaluation]] and decisions about [[Risk Treatment]]. | * Risk analysis provides the basis for [[Risk Evaluation]] and decisions about [[Risk Treatment]]. | ||
− | * Risk analysis includes [[Risk Estimation]]. | + | * Risk analysis includes [[Risk Estimation]].</big> |
==See also== | ==See also== |
Revision as of 11:46, 17 June 2014
Contents
Definitions
European Definitions
Council Directive 2008/114/EC
The consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact of disruption or destruction of critical infrastructure [1].
Other International Definitions
National Definitions
Standard Definition
ISO/IEC 27000:2014
Process to comprehend the nature of risk and to determine the level of risk (based on the ISO Guide 73:2009) [2].
Level of risk is expressed in terms of the combination of consequences and their likelihood.
- Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.
- Risk analysis includes Risk Estimation.
See also
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary