Difference between revisions of "Risk Analysis"
Jump to navigation
Jump to search
(→ISO/IEC 27000:2014) |
(→ISO/IEC 27000:2014 and ISO 31000:2009) |
||
Line 17: | Line 17: | ||
* Risk analysis provides the basis for [[Risk Evaluation]] and decisions about [[Risk Treatment]]. | * Risk analysis provides the basis for [[Risk Evaluation]] and decisions about [[Risk Treatment]]. | ||
* Risk analysis includes [[Risk Estimation]].</big> | * Risk analysis includes [[Risk Estimation]].</big> | ||
+ | <br /> | ||
==See also== | ==See also== |
Revision as of 18:46, 21 February 2015
Contents
Definitions
European Definitions
Council Directive 2008/114/EC
The consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact of disruption or destruction of critical infrastructure [1].
Other International Definitions
National Definitions
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
Process to comprehend the nature of risk and to determine the level of risk (based on the ISO Guide 73:2009) [2] [3]..
Level of risk is expressed in terms of the combination of consequences and their likelihood.
- Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.
- Risk analysis includes Risk Estimation.
See also
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines