Difference between revisions of "Risk Analysis"
Edit summary: (→Czech Republic)

Line 1:
==Definitions==
=== European Definitions ===
− ==== Council Directive 2008/114/EC ====
+ ==== [[EU|Council Directive 2008/114/EC]] ====
{{definition|The consideration of relevant [[threat]] scenarios, in order to assess the [[vulnerability]] and the potential [[impact]] of [[disruption]] or [[destruction]] of [[Critical Infrastructure|critical infrastructure]]. <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}

Line 9:
=== National Definitions ===
− ==== Australia ====
+ ==== [[Australia]] ====
{{definition| Risk analysis is a systematic use of available information to determine how often specified [[event|events]] may occur and the magnitude of their likely [[Consequence|consequences]]. <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}<br />
{{definition|Process to comprehend the nature of risk and to determine the level of [[risk]]. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br />
− ==== Canada ====
+ ==== [[Canada]] ====
{{definition|A process to comprehend the nature of a risk and to determine its level. <ref>Derived from ISO 31000:2009</ref><br /><br />Processus mis en œuvre pour comprendre la nature d’un risqué et pour déterminer son niveau. <ref name="canada">[http://www.bt-tb.tpsgc-pwgsc.gc.ca/publications/documents/urgence-emergency.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}}
<br />
− ====Czech Republic====
+ ====[[Czech Republic]]====
{{definition|Proces pochopení povahy rizika a stanovení úrovně rizika. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref><br/><br/>Process of understanding the nature of risks and establishing a risk level. <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}}<br />
− ====Finland====
+ ====[[Finland]]====
{{definition|Riskianalyysi: toiminta, jossa tunnistetaan riskit ja arvioidaan vahinkotapahtuman todennäköisyys sekä odotettavissa olevat vahingot.<br/><br/>Risk analysis is the action for identifying [[risk]] and estimating the probability of a damaging [[event]] as well as anticipated [[damage|damages]]. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br />
− ====India====
+ ====[[India]]====
{{definition|Risk analysis is the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br />
− ==== Luxembourg ====
+ ==== [[Luxembourg]] ====
{{definition|Analyse de risques: examen des scénarios de menace pertinents destiné à évaluer les vulnerabilities [[Critical Infrastructure|d'infrastructures critiques]] et les [[Impact|impacts]] potentiels de leur arrêt ou destruction. <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref>}} <br />
− ==== Netherlands====
+ ==== [[Netherlands]]====
{{definition|Risk analysis is a method which takes stock of the [[risk]], which [[risk]] factors are unacceptable, and which [[measure|measures]] can mitigate the risk.<br/><br/>Risicoanalyse is een methode die inventariseert welke risico's er zijn, welke daarvan onacceptabel zijn en welke maatregelen de risico's kunnen reduceren. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br />
− ====United States====
+ ====[[United States]]====
{{definition|The process of identifying [[risk|risks]] to organizational operations (including mission, functions, image, or reputation), organizational [[Asset|assets]], individuals, other organizations, and the Nation, arising through the operation of an information system. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}}<br />
===Standard Definition===
− ==== ISO/IEC 27000:2014 and ISO 31000:2009====
+ ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]]====
{{definition|Process to comprehend the nature of [[risk]] and to determine the level of risk (based on the ISO Guide 73:2009) <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>}}
<big>Level of risk is expressed in terms of the combination of [[consequence|consequences]] and their [[likelihood]].
Revision as of 01:44, 19 July 2015
Definitions
European Definitions
Council Directive 2008/114/EC
The consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact of disruption or destruction of critical infrastructure. [1]
National Definitions
Australia
Risk analysis is a systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences. [2]
Process to comprehend the nature of risk and to determine the level of risk. [3]
Canada
A process to comprehend the nature of a risk and to determine its level. [4]
Process implemented to understand the nature of a risk and to determine its level. (translated from the French) [5]
Czech Republic
Process of understanding the nature of risk and determining the level of risk. (translated from the Czech) [6]
Process of understanding the nature of risks and establishing a risk level. [7]
Finland
Risk analysis is the activity of identifying risks and estimating the probability of a damaging event as well as the anticipated damages. -unofficial translation from the Finnish- [8]
India
Risk analysis is the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. [9]
Luxembourg
Risk analysis: the examination of relevant threat scenarios intended to assess the vulnerabilities of critical infrastructures and the potential impacts of their disruption or destruction. (translated from the French) [10]
Netherlands
Risk analysis is a method that takes stock of which risks exist, which of them are unacceptable, and which measures can reduce those risks. (translated from the Dutch) [11]
United States
The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. [12]
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
Process to comprehend the nature of risk and to determine the level of risk (based on the ISO Guide 73:2009) [13] [14]
Level of risk is expressed in terms of the combination of consequences and their likelihood.
- Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.
- Risk analysis includes Risk Estimation.
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998). https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF
- ↑ Australia AS NZS 5050 (2010). http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf
- ↑ Derived from ISO 31000:2009.
- ↑ Vocabulaire de la gestion des urgences / Emergency Management Vocabulary 281 (2012). http://www.bt-tb.tpsgc-pwgsc.gc.ca/publications/documents/urgence-emergency.pdf
- ↑ Výkladový slovník kybernetické bezpečnosti (2013). http://www.govcert.cz/download/nodeid-561
- ↑ Cyber Security Explanatory Glossary (2013). http://www.govcert.cz/download/nodeid-3555/
- ↑ Vocabulary of Comprehensive Security, Helsinki (TSK 47) (2014). http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752
- ↑ India's DGQA Cyber Security Policy (2015). http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf
- ↑ Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008. http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf
- ↑ Zakboekje Preventie Cybercrime (2008). http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013. http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary. http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411
- ↑ ISO 31000:2009, Risk management -- Principles and guidelines. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170