Difference between revisions of "Risk Analysis"

Revision as of 00:12, 15 July 2014

The consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact of disruption or destruction of critical infrastructure ^[1].

Process to comprehend the nature of risk and to determine the level of risk (based on the ISO Guide 73:2009) ^[2] ^[3]..

Level of risk is expressed in terms of the combination of consequences and their likelihood.

Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.

@@ Line 12: / Line 12: @@
 ===Standard Definition===
-==== ISO/IEC 27000:2014 ====
+==== ISO/IEC 27000:2014 and ISO 31000:2009====
-{{definition|Process to comprehend the nature of [[risk]] and to determine the level of risk (based on the ISO Guide 73:2009) <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. }}
+{{definition|Process to comprehend the nature of [[risk]] and to determine the level of risk (based on the ISO Guide 73:2009) <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>.. }}
 <big>Level of risk is expressed in terms of the combination of [[consequence|consequences]] and their [[likelihood]].
 * Risk analysis provides the basis for [[Risk Evaluation]] and decisions about [[Risk Treatment]].