Difference between revisions of "Risk Analysis"
(→Morocco) |
|||
Line 81: | Line 81: | ||
{{definition|Analiżi tar-riskju tfisser il-konsiderazzjoni ta’ xenarji ta’ theddid relevanti, sabiex tiġi valutata l-vulnerabbiltà u limpatt potenzjali ta’ interuzzjoni jew qerda ta’ infrastruttura kritika. <ref>[http://eur-lex.europa.eu/legal-content/MT/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | {{definition|Analiżi tar-riskju tfisser il-konsiderazzjoni ta’ xenarji ta’ theddid relevanti, sabiex tiġi valutata l-vulnerabbiltà u limpatt potenzjali ta’ interuzzjoni jew qerda ta’ infrastruttura kritika. <ref>[http://eur-lex.europa.eu/legal-content/MT/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
====[[Morocco]]==== | ====[[Morocco]]==== | ||
− | {{definition|Analyse des risques: Ensemble des activités coordonnées visant à diriger et piloter un organisme vis-à-vis du risque afin d’améliorer la sécurisation des SI, de justifier le budget alloué à la sécurisation du SI et prouver la crédibilité du système d’information à l’aide des analyses effectuées. <ref>[http://www.dgssi.gov.ma/dgssi_assets/user_upload/STRATEGIE_NATIONALE.pdf STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011]</ref>}}<br /><br/> | + | {{definition|Analyse des risques: Ensemble des activités coordonnées visant à diriger et piloter un organisme vis-à-vis du risque afin d’améliorer la sécurisation des SI, de justifier le budget alloué à la sécurisation du SI et prouver la crédibilité du système d’information à l’aide des analyses effectuées. <ref>[http://www.dgssi.gov.ma/dgssi_assets/user_upload/STRATEGIE_NATIONALE.pdf STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011]</ref><br/><br/>Risk analysis: A set of coordinated activities aimed at directing and managing an organization with regard to risk in order to improve the security of IS, to justify the budget allocated to securing the IS and to prove the credibility of the information system Using the analyzes performed.}}<br /><br/> |
==== [[Netherlands]]==== | ==== [[Netherlands]]==== |
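Review bot: In the English text added at the end of the Morocco definition, the closing words "Using the analyzes performed" have a stray capital and use the verb form "analyzes" where the noun is meant; suggest "using the analyses performed". The added sentence also uses the abbreviation "IS" twice before spelling out "information system", so expanding it at first use ("information systems (IS)") would let the entry be read on its own. Because the translation is placed after the closing </ref>, the citation now sits in the middle of the definition; consider moving the reference to the end of the template body so it covers both language versions.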
Revision as of 20:56, 28 December 2016
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 European Project Definitions
- 1.3 National Definitions
- 1.3.1 Australia
- 1.3.2 Austria
- 1.3.3 Belgium
- 1.3.4 Brazil
- 1.3.5 Bulgaria
- 1.3.6 Canada
- 1.3.7 Croatia
- 1.3.8 Cyprus
- 1.3.9 Czech Republic
- 1.3.10 Denmark
- 1.3.11 Estonia
- 1.3.12 Finland
- 1.3.13 France
- 1.3.14 Germany
- 1.3.15 Greece
- 1.3.16 Hungary
- 1.3.17 India
- 1.3.18 Ireland
- 1.3.19 Italy
- 1.3.20 Latvia
- 1.3.21 Lithuania
- 1.3.22 Luxembourg
- 1.3.23 Malta
- 1.3.24 Morocco
- 1.3.25 Netherlands
- 1.3.26 Philippines
- 1.3.27 Poland
- 1.3.28 Portugal
- 1.3.29 Romania
- 1.3.30 Slovakia
- 1.3.31 Slovenia
- 1.3.32 Spain
- 1.3.33 Sweden
- 1.3.34 Switzerland
- 1.3.35 United Kingdom
- 1.3.36 United States
- 1.3.37 Uruguay
- 1.4 Standard Definition
- 2 See also
- 3 Notes
Definitions
European Definitions
Council Directive 2008/114/EC
ENISA
European Project Definitions
CIPRNet project
The CIPRNet project [3] uses the following definition:
National Definitions
Australia
Austria
Belgium
Brazil
Bulgaria
Canada
Process implemented to understand the nature of a risk and to determine its level. (translated from French) [12]
Croatia
Risk analysis indicates consideration of possible scenarios of threats to evaluate the vulnerability and the potential impact of disturbances in the critical infrastructure or its destruction.
Cyprus
(equals EU definition)
Czech Republic
Process of understanding the nature of risks and establishing a risk level. [18]
Denmark
Estonia
Finland
Risk analysis is the action for identifying risk and estimating the probability of a damaging event as well as anticipated damages. -unofficial translation- [23]
France
Germany
Greece
(equals EU definition)
Hungary
India
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Morocco
Risk analysis: A set of coordinated activities aimed at directing and managing an organization with regard to risk in order to improve the security of IS, to justify the budget allocated to securing the IS and to prove the credibility of the information system using the analyses performed.
Netherlands
Risk analysis is a method that inventories which risks exist, which of them are unacceptable, and which measures can reduce the risks. (translated from Dutch) [41]
Philippines
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Switzerland
This includes assessing the level of the risks, often in the form of a rating of the scenarios considered with regard to their probability of occurrence and extent of damage.
Risk analysis deals with the question "what can happen?". (translated from German)
The assessment of the level of risks, often in the form of a classification of the scenarios considered according to their probability of occurrence and the extent of the anticipated damage, is part of it. Risk analysis addresses the question "what can happen?". (translated from French)
It includes the estimation of the level of risks, often in the form of a classification of the scenarios considered according to their frequency and the extent of the damage. Risk analysis seeks to answer the question "what could happen?". (translated from Italian)
United Kingdom
United States
DHS
NIST
Uruguay
Standard Definition
IETF
ISO/IEC 27000:2014 and ISO 31000:2009
Level of risk is expressed in terms of the combination of consequences and their likelihood.
- Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.
- Risk analysis includes Risk Estimation.
See also
Notes
- [1] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [2] ENISA Risk Glossary
- [3] http://www.ciprnet.eu/
- [4] Australian Emergency Management Glossary, Emergency Management Australia (1998)
- [5] Australia AS NZS 5050 (2010)
- [6] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [7] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [8] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [9] REGULAMENTO SOBRE GESTÃO DE RISCO DAS REDES DE TELECOMUNICAÇÕES E USO DE SERVIÇOS DE TELECOMUNICAÇÕES EM SITUAÇÕES DE EMERGÊNCIA E DESASTRES (2012)
- [10] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [11] Derived from ISO 31000:2009
- [12] Vocabulaire de la gestion des urgences/Emergency Management Vocabulary 281 (2012)
- [13] Zakon o kritičnim infrastrukturama (Critical infrastructure act), 2013, in Official Gazette, No 56/2013 (Croat.)
- [14] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [15] Προεδρικό Διάταγμα 39/2011 της Ελληνικής Δημοκρατίας που αφορά την προσαρμογή της ελληνικής νομοθεσίας προς τις διατάξεις τις οδηγίας 2008/114/ΕΚ του Συμβουλίου της Ευρωπαϊκής Ένωσης.
- [16] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [17] Výkladový slovník kybernetické bezpečnosti (2013)
- [18] Cyber Security Explanatory Glossary (2013)
- [19] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [20] Bekendtgørelse om identifikation og udpegning af europæisk kritisk infrastruktur på energiområdet og vurdering af behovet for bedre beskyttelse (EPCIP-direktivet)
- [21] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [22] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [23] Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- [24] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [25] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [26] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [27] Methode für die Risikoanalyse im Bevölkerungsschutz
- [28] Προεδρικό Διάταγμα 39/2011 της Ελληνικής Δημοκρατίας που αφορά την προσαρμογή της ελληνικής νομοθεσίας προς τις διατάξεις τις οδηγίας 2008/114/ΕΚ του Συμβουλίου της Ευρωπαϊκής Ένωσης.
- [29] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [30] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [31] India's DGQA Cyber Security Policy (2015)
- [32] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [33] DECRETO LEGISLATIVO 11 aprile 2011, n. 61 Attuazione della Direttiva 2008/114/CE recante l'individuazione e la designazione delle infrastrutture critiche europee e la valutazione della necessita' di migliorarne la protezione. (11G0101
- [34] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [35] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [36] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [37] Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008
- [38] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [39] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [40] STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011
- [41] Zakboekje Preventie Cybercrime (2008)
- [42] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [43] Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015
- [44] DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- [45] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [46] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [47] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [48] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [49] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [50] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [51] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [52] Leitfaden Schutz kritischer Infrastrukturen 2015 / Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
- [53] Guide pour la protection des infrastructures critiques
- [54] Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
- [55] Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- [56] DHS Risk Lexicon 2010 Edition, September 2010
- [57] NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
- [58] Glossary CERTuy
- [59] IETF RFC449 Internet Security Glossary 2
- [60] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- [61] ISO/IEC 31000:2009, Risk management -- Principles and guidelines