Difference between revisions of "Risk Analysis"
Jump to navigation
Jump to search
(→National Definitions) |
(→National Definitions) |
||
| Line 9: | Line 9: | ||
=== National Definitions === | === National Definitions === | ||
| + | ==== Australia ==== | ||
| + | {{definition| Risk analysis is a systematic use of available information to determine how often specified [[event|events]] may occur and the magnitude of their likely [[Consequence|consequences]]. <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}<br /> | ||
| + | |||
====Czech Republic==== | ====Czech Republic==== | ||
{{definition|Process of understanding the nature of risks and establishing a risk level. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}} | {{definition|Process of understanding the nature of risks and establishing a risk level. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}} | ||
<br /> | <br /> | ||
====United States==== | ====United States==== | ||
| − | {{definition|The process of identifying [[risk|risks]] to organizational operations (including mission, functions, image, or reputation), organizational [[assets]], individuals, other organizations, and the Nation, arising through the operation of an information system.<ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}}<br /> | + | {{definition|The process of identifying [[risk|risks]] to organizational operations (including mission, functions, image, or reputation), organizational [[Asset|assets]], individuals, other organizations, and the Nation, arising through the operation of an information system.<ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}}<br /> |
===Standard Definition=== | ===Standard Definition=== | ||
Revision as of 00:12, 24 May 2015
Contents
Definitions
European Definitions
Council Directive 2008/114/EC
The consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact of disruption or destruction of critical infrastructure [1].
National Definitions
Australia
Risk analysis is a systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences. [2]
Czech Republic
Process of understanding the nature of risks and establishing a risk level. [3]
United States
The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system.[4]
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
Process to comprehend the nature of risk and to determine the level of risk (based on the ISO Guide 73:2009) [5] [6]
Level of risk is expressed in terms of the combination of consequences and their likelihood.
- Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.
- Risk analysis includes Risk Estimation.
See also
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Cyber Security Explanatory Glossary (2013)
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
