Difference between revisions of "Risk Analysis"
Line 30: | Line 30: | ||
==== [[Denmark]] ==== | ==== [[Denmark]] ==== | ||
− | {{definition|Risikoanalyse: overvejelse af relevante trusselsscenarier for at vurdere sårbarheden og de potentielle konsekvenser af, at kritisk infrastruktur afbrydes eller ødelægges. <ref>[https://www.retsinformation.dk/Forms/R0710.aspx?id=135381 Bekendtgørelse om identifikation og udpegning af europæisk kritisk infrastruktur på energiområdet og vurdering af behovet for bedre beskyttelse ([[EPCIP]]-direktivet)]</ref>}} | + | {{definition|Risikoanalyse: overvejelse af relevante trusselsscenarier for at vurdere sårbarheden og de potentielle konsekvenser af, at kritisk infrastruktur afbrydes eller ødelægges. <ref>[https://www.retsinformation.dk/Forms/R0710.aspx?id=135381 Bekendtgørelse om identifikation og udpegning af europæisk kritisk infrastruktur på energiområdet og vurdering af behovet for bedre beskyttelse ([[EPCIP]]-direktivet)]</ref>}}<br /> |
− | <br /> | + | |
==== [[Greece]] ==== | ==== [[Greece]] ==== | ||
{{definition|Ως «ανάλυση κινδύνων» νοείται η ανάλυση των σχετικών σεναρίων περί απειλών, προκειμένου να αξιολογηθούν τα τρωτά σημεία και οι δυνητικές επιπτώσεις της διακοπής λειτουργίας ή της καταστροφής υποδομών ζωτικής σημασίας.<ref>[http://www.kemea.gr/documents/pd39-2011.pdf Προεδρικό Διάταγμα 39/2011 της Ελληνικής Δημοκρατίας που αφορά την προσαρμογή της ελληνικής νομοθεσίας προς τις διατάξεις τις οδηγίας 2008/114/ΕΚ του Συμβουλίου της Ευρωπαϊκής Ένωσης.]</ref><br /><br />(equals EU definition) }}<br /><br /> | {{definition|Ως «ανάλυση κινδύνων» νοείται η ανάλυση των σχετικών σεναρίων περί απειλών, προκειμένου να αξιολογηθούν τα τρωτά σημεία και οι δυνητικές επιπτώσεις της διακοπής λειτουργίας ή της καταστροφής υποδομών ζωτικής σημασίας.<ref>[http://www.kemea.gr/documents/pd39-2011.pdf Προεδρικό Διάταγμα 39/2011 της Ελληνικής Δημοκρατίας που αφορά την προσαρμογή της ελληνικής νομοθεσίας προς τις διατάξεις τις οδηγίας 2008/114/ΕΚ του Συμβουλίου της Ευρωπαϊκής Ένωσης.]</ref><br /><br />(equals EU definition) }}<br /><br /> | ||
Line 37: | Line 37: | ||
====[[Finland]]==== | ====[[Finland]]==== | ||
{{definition|Riskianalyysi: toiminta, jossa tunnistetaan riskit ja arvioidaan vahinkotapahtuman todennäköisyys sekä odotettavissa olevat vahingot.<br/><br/>Risk analysis is the action for identifying [[risk]] and estimating the probability of a damaging [[event]] as well as anticipated [[damage|damages]]. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /> | {{definition|Riskianalyysi: toiminta, jossa tunnistetaan riskit ja arvioidaan vahinkotapahtuman todennäköisyys sekä odotettavissa olevat vahingot.<br/><br/>Risk analysis is the action for identifying [[risk]] and estimating the probability of a damaging [[event]] as well as anticipated [[damage|damages]]. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /> | ||
+ | |||
====[[India]]==== | ====[[India]]==== | ||
{{definition|Risk analysis is the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> | {{definition|Risk analysis is the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> | ||
+ | |||
+ | ==== [[Italy]] ==== | ||
+ | {{definition|Analisi dei rischi: valutazione della vulnerabilita' di una ICE rispetto alle diverse possibili minacce e prevedibili conseguenze del danneggiamento o distruzione della stessa, in termini di effetti negativi esterni e intrinseci. <ref>[http://gazzette.comune.jesi.an.it/2011/102/1.htm DECRETO LEGISLATIVO 11 aprile 2011 , n. 61 Attuazione della Direttiva 2008/114/CE recante l'individuazione e la designazione delle infrastrutture critiche europee e la valutazione della necessita' di migliorarne la protezione. (11G0101]</ref>}} | ||
+ | <br /> | ||
==== [[Luxembourg]] ==== | ==== [[Luxembourg]] ==== | ||
{{definition|Analyse de risques: examen des scénarios de menace pertinents destiné à évaluer les vulnerabilities [[Critical Infrastructure|d'infrastructures critiques]] et les [[Impact|impacts]] potentiels de leur arrêt ou destruction. <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref>}} <br /> | {{definition|Analyse de risques: examen des scénarios de menace pertinents destiné à évaluer les vulnerabilities [[Critical Infrastructure|d'infrastructures critiques]] et les [[Impact|impacts]] potentiels de leur arrêt ou destruction. <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref>}} <br /> | ||
+ | |||
==== [[Netherlands]]==== | ==== [[Netherlands]]==== | ||
{{definition|Risk analysis is a method which takes stock of the [[risk]], which [[risk]] factors are unacceptable, and which [[measure|measures]] can mitigate the risk.<br/><br/>Risicoanalyse is een methode die inventariseert welke risico's er zijn, welke daarvan onacceptabel zijn en welke maatregelen de risico's kunnen reduceren. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br /> | {{definition|Risk analysis is a method which takes stock of the [[risk]], which [[risk]] factors are unacceptable, and which [[measure|measures]] can mitigate the risk.<br/><br/>Risicoanalyse is een methode die inventariseert welke risico's er zijn, welke daarvan onacceptabel zijn en welke maatregelen de risico's kunnen reduceren. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br /> | ||
Line 88: | Line 94: | ||
[[Category:Risk]] | [[Category:Risk]] | ||
[[Category:Analysis]] | [[Category:Analysis]] | ||
− | {{#set:defined by=EU|defined by=ENISA|defined by=Australia|defined by=Brazil|defined by=Canada|defined by=Croatia|defined by=Czech Republic|defined by=Denmark|defined by=Greece|defined by=Finland|defined by=India|defined by=Luxembourg|defined by= Netherlands|defined by=Switzerland|defined by=United States|defined by=Uruguay|defined by=ISO|defined by=IETF|defined by=NIST}} | + | {{#set:defined by=EU|defined by=ENISA|defined by=Australia|defined by=Brazil|defined by=Canada|defined by=Croatia|defined by=Czech Republic|defined by=Denmark|defined by=Greece|defined by=Finland|defined by=India|defined by=Italy|defined by=Luxembourg|defined by= Netherlands|defined by=Switzerland|defined by=United States|defined by=Uruguay|defined by=ISO|defined by=IETF|defined by=NIST}} |
Revision as of 17:16, 28 September 2016
Contents
Definitions
European Definitions
Council Directive 2008/114/EC
ENISA
National Definitions
Australia
Brazil
Canada
Processus mis en œuvre pour comprendre la nature d’un risqué et pour déterminer son niveau. [7]
Croatia
Risk analysis indicates consideration of possible scenarios of threats to evaluate the vulnerability and the potential impact of disturbances in the critical infrastructure or its destruction.
Czech Republic
Process of understanding the nature of risks and establishing a risk level. [10]
Denmark
Greece
(equals EU definition)
Finland
Risk analysis is the action for identifying risk and estimating the probability of a damaging event as well as anticipated damages. -unofficial translation- [13]
India
Italy
Luxembourg
Netherlands
Risicoanalyse is een methode die inventariseert welke risico's er zijn, welke daarvan onacceptabel zijn en welke maatregelen de risico's kunnen reduceren. [17]
Switzerland
Dazu gehört die Einschätzung der Höhe der Risiken, oft in Form einer Einstufung der betrachteten Szenarien bzgl. ihrer Eintrittswahrscheinlichkeit und Schadensausmasses.
Die Risikoanalyse befasst sich mit der Frage «was kann passieren?».
L’appréciation du niveau des risques, souvent sous forme d’une classification des scénarios considérés en function de leur [Probability|probabilité]] d’occurrence et de l’ampleur des dommages envisagés en fait partie. L’analyse des risques traite de la question «que peut-il arriver?».
Vi rientra la stima del livello dei rischi, spesso in forma di una classificazione degli scenari considerati in funzione della loro frequenza e dell’�entità dei danni. L'analisi dei rischi cerca di rispondere alla domanda «che cosa potrebbe succedere?».
United States
NIST
Uruguay
Standard Definition
IETF
ISO/IEC 27000:2014 and ISO 31000:2009
Level of risk is expressed in terms of the combination of consequences and their likelihood.
- Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.
- Risk analysis includes Risk Estimation.
See also
Notes
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ ENISA Risk Glossary
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Australia AS NZS 5050 (2010)
- ↑ REGULAMENTO SOBRE GESTÃO DE RISCO DAS REDES DE TELECOMUNICAÇÕES E USO DE SERVIÇOS DE TELECOMUNICAÇÕES EM SITUAÇÕES DE EMERGÊNCIA E DESASTRES (2012)
- ↑ Derived from ISO 31000:2009
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Zakon o kritičnim infrastrukturama (Critical infrastructure act), 2013, in Official Gazette, No 56/2013 (Croat.)
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Cyber Security Explanatory Glossary (2013)
- ↑ Bekendtgørelse om identifikation og udpegning af europæisk kritisk infrastruktur på energiområdet og vurdering af behovet for bedre beskyttelse (EPCIP-direktivet)
- ↑ Προεδρικό Διάταγμα 39/2011 της Ελληνικής Δημοκρατίας που αφορά την προσαρμογή της ελληνικής νομοθεσίας προς τις διατάξεις τις οδηγίας 2008/114/ΕΚ του Συμβουλίου της Ευρωπαϊκής Ένωσης.
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ DECRETO LEGISLATIVO 11 aprile 2011 , n. 61 Attuazione della Direttiva 2008/114/CE recante l'individuazione e la designazione delle infrastrutture critiche europee e la valutazione della necessita' di migliorarne la protezione. (11G0101
- ↑ Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008
- ↑ Zakboekje Preventie Cybercrime (2008
- ↑ Leitfaden Schutz kritischer Infrastrukturen 2015 / Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
- ↑ Guide pour la protection des infrastructures critiques
- ↑ Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
- ↑ Glossary CERTuy
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines