Difference between revisions of "Risk Analysis"
(Created page with "==Definitions== === Official European Definition === The consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact ...") |
(→Belgium) |
(99 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
==Definitions== | ==Definitions== | ||
− | === | + | === European Definitions === |
− | + | ==== [[Council of Europe]] ==== | |
+ | {{definition|Risk analysis is the determination of the likelihood of an [[event]] ([[probability]]) and the [[Consequence|consequences]] of its occurrence ([[impact]]) for the purpose of comparing possible [[risk|risks]] and making [[Risk Management|risk management]] decisions. <ref>[http://www.europhras.org/Site/anderedokumente/GMLGR5L_6_12_07.pdf GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001)]</ref>}}<br/> | ||
+ | ==== [[EU|Council Directive 2008/114/EC]] ==== | ||
+ | {{definition|The consideration of relevant [[threat]] scenarios, in order to assess the [[vulnerability]] and the potential [[impact]] of [[disruption]] or [[destruction]] of [[Critical Infrastructure|critical infrastructure]]. <ref> [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /> | ||
+ | ====[[ENISA]]==== | ||
+ | {{definition|Risk Analysis is the systematic use of information to identify sources and to estimate the [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br /> | ||
+ | === European Project Definitions === | ||
+ | ==== CIPRNet project ==== | ||
+ | {{quote-ciprnet|Risk analysis is the process to comprehend the nature of risk and to determine the level of [[risk]].}}<br/> | ||
+ | |||
+ | <!--- | ||
=== Other International Definitions === | === Other International Definitions === | ||
+ | ---> | ||
=== National Definitions === | === National Definitions === | ||
− | < | + | ==== [[Argentina]] ==== |
+ | {{definition|Análisis de riesgo: Conjunto de acciones necesarias para describir y caracterizar las amenazas y las vulnerabilidades. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/240000-244999/242082/norma.htm SUBSECRETARÍA DE PROTECCIÓN CIVIL Y ABORDAJE INTEGRAL DE EMERGENCIAS Y CATÁSTROFES (1/2015)]</ref>}}<br/><br/> | ||
+ | |||
+ | |||
+ | ==== [[Australia]] ==== | ||
+ | {{definition|Risk analysis is a systematic use of available information to determine how often specified [[event|events]] may occur and the magnitude of their likely [[Consequence|consequences]]. <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}<br /> | ||
+ | |||
+ | {{definition|Process to comprehend the nature of risk and to determine the level of [[risk]]. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br /> | ||
+ | ==== [[Austria]] ==== | ||
+ | {{definition|Risikoanalyse die Prüfung relevanter Bedrohungsszenarien, um die Schwachstellen und mögliche Auswirkungen einer Störung oder Zerstörung kritischer Infrastrukturen zu bewerten. <ref> [http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Belgium]] ==== | ||
+ | {{definition|Risicoanalyse: bestudering van relevante dreigingsscenario’s om de kwetsbaarheid en de mogelijke gevolgen van de verstoring of vernietiging van kritieke infrastructuur te beoordelen. <ref>[http://eur-lex.europa.eu/legal-content/NL/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref><br/><br/>Analyse de risques: examen des scénarios de menace pertinents destiné à évaluer les vulnérabilités [[Critical Infrastructure|d’infrastructures critiques]] et les impacts potentiels de leur arrêt ou destruction. <ref>[http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref><br/><br/>Risikoanalyse die Prüfung relevanter Bedrohungsszenarien, um die Schwachstellen und mögliche Auswirkungen einer Störung oder Zerstörung [[Critical Infrastructure|kritischer Infrastrukturen]] zu bewerten. <ref> [http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Bosnia and Herzegovina]] ==== | ||
+ | {{definition|Analiza rizika je proces razumijevanja prirode rizika i utvrđivanja nivoa rizika. (ISO 31010) <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122015.pdf RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Brazil]] ==== | ||
+ | {{definition|Análise de riscos: análise e avaliação das vulnerabilidades das redes e dos sistemas que suportam a oferta de serviços, fundamentadas na hierarquização dos elementos necessários à prestação dos serviços. <ref>[http://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Brazil_2012_Orig.pdf REGULAMENTO SOBRE GESTÃO DE RISCO DAS REDES DE TELECOMUNICAÇÕES E USO DE SERVIÇOS DE TELECOMUNICAÇÕES EM SITUAÇÕES DE EMERGÊNCIA E DESASTRES (2012)]</ref>}}<br /> | ||
+ | {{definition|Análise de riscos: Identificação e avaliação tanto dos tipos de ameaça como dos elementos em risco, dentro de um determinado sistema ou região geográfica definida. <ref>[http://www.bombeiros.go.gov.br/wp-content/uploads/2012/06/16-Glosssario-de-Defesa-Civil-Estudo-de-Risco-e-Medicina-de-Desastres.pdf GLOSSÁRIO DE DEFESA CIVIL ESTUDOS DE RISCOS E MEDICINA DE DESASTRES, Ministério da Integração Nacional, Brazil]</ref>}}<br /><br/> | ||
+ | |||
+ | ==== [[Bulgaria]] ==== | ||
+ | {{definition|анализ на риска означава отчитане на съответните сценарии за действие при различни заплахи, с цел да се направи оценка на уязвимостта и на потенциалните последици от наруша¬ ването или унищожаването на критична инфраструктура. <ref> [http://eur-lex.europa.eu/legal-content/BG/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | |||
+ | ==== [[Canada]] ==== | ||
+ | {{definition|A process to comprehend the nature of a risk and to determine its level. <ref>Derived from ISO 31000:2009</ref><br /><br />Processus mis en œuvre pour comprendre la nature d’un risqué et pour déterminer son niveau. <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}}<br/><br/> | ||
+ | ==== [[Colombia]] ==== | ||
+ | {{definition|Análisis de Riesgos: El análisis de riesgos establece una valoración y una priorización de los riesgos, determina el impacto y la probabilidad del riesgo. Dependiendo de la información disponible pueden emplearse desde modelos de simulación, hasta técnicas colaborativas. <ref>[https://www.policia.gov.co/glosario Glosario Policia Colombia]</ref>}}<br /><br/> | ||
+ | ==== [[Croatia]] ==== | ||
+ | {{definition|Analiza rizika označava razmatranje mogućih scenarija prijetnji kako bi se ocijenile ranjivosti i mogući učinak poremećaja u radu kritične infrastrukture ili njezina uništenja. <ref>[http://www.zakon.hr/z/591/Zakon-o-kriti%C4%8Dnim-infrastrukturama Zakon o kritičnim infrastrukturama (Critical infrastructure act), 2013, in Official Gazette, No 56/2013 (Croat.)]</ref><br><br>Risk analysis indicates consideration of possible scenarios of [[Threat|threats]] to evaluate the [[vulnerability]] and the potential [[impact]] of disturbances in the critical infrastructure or its destruction.}}<br /><br /> | ||
+ | {{definition|Analiza rizika znači razmatranje odgovarajućih scenarija opasnosti kako bi se ocijenile slabosti i mogući učinak poremećaja u radu ili uništenja [[Critical Infrastructure|kritične infrastrukture]]. <ref> [http://eur-lex.europa.eu/legal-content/HR/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Cyprus]] ==== | ||
+ | {{definition|Ως «ανάλυση κινδύνων» νοείται η ανάλυση των σχετικών σεναρίων περί απειλών, προκειμένου να αξιολογηθούν τα τρωτά σημεία και οι δυνητικές επιπτώσεις της διακοπής λειτουργίας ή της καταστροφής υποδομών ζωτικής σημασίας.<ref> [http://eur-lex.europa.eu/legal-content/EL/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref><br /><br />(equals EU definition) }}<br /><br /> | ||
+ | |||
+ | ====[[Czech Republic]]==== | ||
+ | {{definition|Analýza rizik: Proces pochopení povahy rizika a stanovení úrovně rizika. <ref name=CZglos>[https://www.govcert.cz/download/slovnik/vykladovy_slovnik_KB_2_vydani.pdf]</ref><br/><br/>Risk analysis: Process of understanding the nature of risks and establishing a risk level. <ref name=CZglos>[https://www.govcert.cz/download/slovnik/vykladovy_slovnik_KB_2_vydani.pdf]</ref>}} | ||
+ | <br /> | ||
+ | |||
+ | {{definition|Proces pochopení povahy rizika a stanovení úrovně rizika. <ref>[http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref><br/><br/>Process of understanding the nature of risks and establishing a risk level. <ref>[http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}}<br /><br/> | ||
+ | {{definition|Analýzou rizik zvážení relevantních scénářů hrozeb s cílem posoudit zranitelnost a možný dopad narušení nebo zničení [[Critical Infrastructure|kritické infrastruktury]]. <ref>[http://eur-lex.europa.eu/legal-content/CS/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | |||
+ | ==== [[Denmark]] ==== | ||
+ | {{definition|Risikoanalyse: overvejelse af relevante trusselsscenarier for at vurdere sårbarheden og de potentielle konsekvenser af, at kritisk infrastruktur afbrydes eller ødelægges. <ref>[https://www.retsinformation.dk/Forms/R0710.aspx?id=135381 Bekendtgørelse om identifikation og udpegning af europæisk kritisk infrastruktur på energiområdet og vurdering af behovet for bedre beskyttelse ([[EPCIP]]-direktivet)]</ref> <ref>[http://eur-lex.europa.eu/legal-content/DA/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /> | ||
+ | {{definition|Risikoanalysen fastlægger, hvad det kræver for redningsberedskabet at håndtere de identificerede risici gennem to trin, scenarieanalyse og kapacitetsanalyse. <ref>HÅNDBOG I RISIKOBASERET DIMENSIONERING, Beredskabsstyrelsen, Denmark (2004)</ref>}}<br /><br/> | ||
+ | |||
+ | ==== [[El Salvador]] ==== | ||
+ | {{definition|Análisis de riesgo: En su forma más simple es el postulado de que el riesgo es el resultado de relacionar la amenaza y la vulnerabilidad de los elementos expuestos, con el fin de determinar los posibles efectos y consecuencias sociales, económicas y ambientales asociadas a uno o varios fenómenos peligrosos. Cambios en uno o más de estos parámetros modifican el riesgo en sí mismo, es decir, el total de pérdidas esperadas y consecuencias en un área determinada. <ref>[http://www.marn.gob.sv/glosario-de-riesgo/ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador]</ref>}}<br/><br/> | ||
+ | ==== [[Estonia]] ==== | ||
+ | {{definition|Riskianalüüs” – asjakohaste ohustsenaariumitega arvestamine, eesmärgiga hinnata haavatavust ning elutähtsate [[Critical Infrastructure|infrastruktuuride kahjustada]] saamise või hävimise võimalikku mõju. <ref>[http://eur-lex.europa.eu/legal-content/ET/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Finland]] ==== | ||
+ | {{definition|Riskianalyysi: toiminta, jossa tunnistetaan riskit ja arvioidaan vahinkotapahtuman todennäköisyys sekä odotettavissa olevat vahingot.<br/><br/>Risk analysis is the action for identifying [[risk]] and estimating the probability of a damaging [[event]] as well as anticipated [[damage|damages]]. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /> | ||
+ | |||
+ | {{definition|Riskianalyysillä asiaa koskevien uhkakuvien tarkastelua elintärkeän infrastruktuurin haavoittuvuuden ja sen vahingoittumisen tai tuhoutumisen mahdollisten seurausten arvioimiseksi. <ref>[http://eur-lex.europa.eu/legal-content/FI/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[France]] ==== | ||
+ | {{definition|Analyse de risques: examen des scénarios de menace pertinents destiné à évaluer les vulnérabilités d’infrastructures critiques et les impacts potentiels de leur arrêt ou destruction. <ref>[http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Gambia]] ==== | ||
+ | {{definition|Risk analysis: Process to comprehend the nature of risk and to determine the level of risk. <ref>[http://www.moici.gov.gm/sites/default/files/2019-09/20160726%20Gambia%20Strategy%20-%20Cybersecurity%20Strategy_final_with_Gambia_cover_page.pdf THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)]</ref>}}Risk analysis includes [[Risk Estimation|risk estimation]]. <br /><br/> | ||
+ | ==== [[Germany]] ==== | ||
+ | {{definition|Risikoanalyse die Prüfung relevanter Bedrohungsszenarien, um die Schwachstellen und mögliche Auswirkungen einer Störung oder Zerstörung [[Critical Infrastructure|kritischer Infrastrukturen]] zu bewerten. <ref> [http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /> | ||
+ | {{definition|Risikoanalyse ist die systematisches Verfahren zur Bestimmung der Eintrittswahr scheinlichkeit eines bestimmten Schadens an einem Schutzgut unter Berücksichtigung des potentiellen Schadensausmaßes. <ref>[http://www.bbk.bund.de/SharedDocs/Downloads/BBK/DE/Publikationen/Wissenschaftsforum/Bd8_Methode-Risikoanalyse-BS.pdf Methode für die Risikoanalyse im Bevölkerungsschutz]</ref>}}<br /> | ||
+ | {{definition|Risikoanalyse: Hierunter ist ein systematisches Verfahren zur Bestimmung des Risikos zur verstehen. <ref>[http://www.bbk.bund.de/DE/Servicefunktionen/Glossar/_function/glossar.html?lv2=4968156&lv3=6222934 Glossar, Das Bundesamt für Bevölkerungsschutz und Katastrophenhilfe (BBK)]</ref>}}<br/> | ||
+ | {{definition|Risikoanalyse ist der komplette Prozess um Risiken zu beurteilen (identifizieren, einschätzen und bewerten) sowie zu behandeln. <ref>[https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Empfehlungen/cyberglossar/Functions/glossar.html?cms_lv2=9817306 BSI Glossary]</ref>}} <br /><br/> | ||
+ | |||
+ | ==== [[Greece]] ==== | ||
+ | {{definition|Ως «ανάλυση κινδύνων» νοείται η ανάλυση των σχετικών σεναρίων περί απειλών, προκειμένου να αξιολογηθούν τα τρωτά σημεία και οι δυνητικές επιπτώσεις της διακοπής λειτουργίας ή της καταστροφής υποδομών ζωτικής σημασίας.<ref>[http://www.kemea.gr/documents/pd39-2011.pdf Προεδρικό Διάταγμα 39/2011 της Ελληνικής Δημοκρατίας που αφορά την προσαρμογή της ελληνικής νομοθεσίας προς τις διατάξεις τις οδηγίας 2008/114/ΕΚ του Συμβουλίου της Ευρωπαϊκής Ένωσης.]</ref> <ref> [http://eur-lex.europa.eu/legal-content/EL/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref><br /><br />(equals EU definition) }}<br /><br /> | ||
+ | |||
+ | ==== [[Hungary]] ==== | ||
+ | {{definition|Kockázatelemzés: a vonatkozó fenyegetettségi forgató¬ könyvek vizsgálata a kritikus infrastruktúrák sebezhetősé¬ gének, valamint a megzavarásuk vagy megsemmisítésük által okozott potenciális hatásnak az értékelése céljából. <ref> [http://eur-lex.europa.eu/legal-content/HU/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | |||
+ | ====[[India]]==== | ||
+ | {{definition|Risk analysis is the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /><br/> | ||
+ | |||
+ | ==== [[Ireland]] ==== | ||
+ | {{definition|Risk analysis means consideration of relevant threat scenarios, in order to assess the [[vulnerability]] and the potential [[impact]] of [[disruption]] or [[destruction]] of [[Critical Infrastructure|critical infrastructure]]. <ref> [http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Italy]] ==== | ||
+ | {{definition|Analisi dei rischi: valutazione della vulnerabilita' di una ICE rispetto alle diverse possibili minacce e prevedibili conseguenze del danneggiamento o distruzione della stessa, in termini di effetti negativi esterni e intrinseci. <ref>[http://gazzette.comune.jesi.an.it/2011/102/1.htm DECRETO LEGISLATIVO 11 aprile 2011 , n. 61 Attuazione della Direttiva 2008/114/CE recante l'individuazione e la designazione delle infrastrutture critiche europee e la valutazione della necessita' di migliorarne la protezione. (11G0101]</ref> <ref> [http://eur-lex.europa.eu/legal-content/IT/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Latvia]] ==== | ||
+ | {{definition|Apdraudējumu analīze ir apsvērumi par attiecīgiem apdraudējuma scenārijiem, lai izvērtētu neaizsargātības pakāpi un ietekmi, ko varētu radīt kritiskās infrastruktūras darbības traucējumi vai tās iznīcināšana. <ref>[http://eur-lex.europa.eu/legal-content/LV/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Lithuania]] ==== | ||
+ | {{definition|Rizikos analizė – atitinkamų grėsmės scenarijų nagrinėjimas, siekiant įvertinti ypatingos svarbos infrastruktūros objekto pažeidžiamumą ir veikimo sutrikdymo arba sunaikinimo galimą poveikj. <ref>[http://eur-lex.europa.eu/legal-content/LT/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Luxembourg]] ==== | ||
+ | {{definition|Analyse de risques: examen des scénarios de menace pertinents destiné à évaluer les vulnerabilities [[Critical Infrastructure|d'infrastructures critiques]] et les [[Impact|impacts]] potentiels de leur arrêt ou destruction. <ref>[http://www.legilux.public.lu/rgl/2012/A/0449/A.pdf Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008 ]</ref> <ref>[http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}} <br /> | ||
+ | ==== [[Malta]] ==== | ||
+ | {{definition|Analiżi tar-riskju tfisser il-konsiderazzjoni ta’ xenarji ta’ theddid relevanti, sabiex tiġi valutata l-vulnerabbiltà u limpatt potenzjali ta’ interuzzjoni jew qerda ta’ infrastruttura kritika. <ref>[http://eur-lex.europa.eu/legal-content/MT/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ====[[Mexico]]==== | ||
+ | {{definition|Análisis (Evaluación) Del Riesgo: En su forma más simple, es el postulado de que el riesgo resulta de relacionar la amenaza y la vulnerabilidad de los elementos expuestos, con el fin de determinar los posibles efectos y consecuencias sociales, económicas y ambientales asociadas a uno o varios fenómenos peligrosos en un territorio y con referencia a grupos o unidades sociales y económicas particulares. <ref>[http://www.atlasnacionalderiesgos.gob.mx/apps/IGOPP/glosario.php El Glosario Centro Nacional de prevencion de desastres (CENAPRED)]</ref>}}Cambios en uno o más de estos parámetros modifican el riesgo en sí mismo, es decir, el total de pérdidas esperadas y las consecuencias en un área determinada. <br/><br/> | ||
+ | |||
+ | |||
+ | ====[[Morocco]]==== | ||
+ | {{definition|Analyse des risques: Ensemble des activités coordonnées visant à diriger et piloter un organisme vis-à-vis du risque afin d’améliorer la sécurisation des SI, de justifier le budget alloué à la sécurisation du SI et prouver la crédibilité du système d’information à l’aide des analyses effectuées. <ref>[http://www.dgssi.gov.ma/dgssi_assets/user_upload/STRATEGIE_NATIONALE.pdf STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011]</ref><br/><br/>Risk analysis: A set of coordinated activities aimed at directing and managing an organization with regard to risk in order to improve the security of IS, to justify the budget allocated to securing the IS and to prove the credibility of the information system Using the analyzes performed.}}<br /> | ||
+ | {{definition|Analyse des risques: Utilisation systématique d’informations pour identifier les sources et pour estimer le risque. <ref>[http://www.dgssi.gov.ma/uploads/media/DIRECTIVE_NATIONALE_DE_LA_SECURITE_DES_SYSTEMES_D_INFORMATION.pdf DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Marocco 2013]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Netherlands]]==== | ||
+ | {{definition|Risk analysis is a method which takes stock of the [[risk]], which [[risk]] factors are unacceptable, and which [[measure|measures]] can mitigate the risk.<br/><br/>Risicoanalyse is een methode die inventariseert welke risico's er zijn, welke daarvan onacceptabel zijn en welke maatregelen de risico's kunnen reduceren. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br /> | ||
+ | {{definition|Risicoanalyse: bestudering van relevante dreigingsscenario’s om de kwetsbaarheid en de mogelijke gevolgen van de verstoring of vernietiging van kritieke infrastructuur te beoordelen. <ref>[http://eur-lex.europa.eu/legal-content/NL/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}} <br /> | ||
+ | |||
+ | {{definition|[Dutch] Risicoanalyse is het proces van begrijpen en duiden van het risico en het vaststellen van de [[Risk|risico’s]] en de zwaarte daarvan. <ref>[https://www.brandweer.nl/publish/pages/risico_beoordeling_16_0_bhm_2015.pdf Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015]</ref>}}<br /><br/> | ||
+ | {{definition|[HEALTH sector]<br/>Risicoanalyse: Een proces dat bestaat uit drie componenten: risicoschatting, risicomanagement of manipulatie en risicocommunicatie. <br/><br/>Risk analysis: A process consisting of three components: Risk assessment, risk management and risk communication). <ref>[https://www.medischcontact.nl/web/file?uuid=56770c4f-4440-4b02-b568-177eb7b1ab9f&owner=1e836119-cfd1-4e33-a731-da3efbb2a701&contentid=23865 Patiëntveiligheid Definitielijst (2005)]</ref>}}<br/> | ||
+ | |||
+ | {{definition|Risicoanalyse: Een weging van de kansen en gevolgen van een ongewenste gebeurtenis. <ref>[https://kennisopenbaarbestuur.nl/media/53867/handreiking-cybercrime.pdf Handreiking Cybercrime (2012)]</ref>}}Het leidt tot inzicht in de ernst en waarschijnlijkheid van die gebeurtenis en in de weerbaarheid van een organisatie tegen bedreigingen van vastgestelde belangen en uitval en verstoringen van vitale processen. Die weerbaarheid wordt afgemeten aan de maatregelen die zijn genomen om de kans op verstoring te verminderen en de gevolgen beheersbaar te maken.<br/><br/> | ||
+ | |||
+ | ==== [[Peru]] ==== | ||
+ | {{definition|Análisis de Riesgos: Procedimiento técnico, que permite identificar y caracterizar los peligros, analizar las vulnerabilidades, calcular, controlar, manejar y comunicar los riesgos, para lograr un desarrollo sostenido mediante una adecuada toma de decisiones en la Gestión del Riesgo de Desastres. <ref>[http://dimse.cenepred.gob.pe/simse/cenepred/docs/glosario-terminos-grd-cenepred.pdf El Centro Nacional de Estimación, Prevención y Reducción del Riesgo de Desastres - CENEPRED, Glosario de Términos, Peru]</ref>}}El Análisis de Riesgo facilita la determinación del nivel del riesgo y la toma de decisiones.<br/><br/> | ||
+ | ==== [[Philippines]] ==== | ||
+ | {{definition|Risk Analysis – Is the process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/> | ||
+ | ==== [[Poland]] ==== | ||
+ | {{definition|Analiza ryzyka oznacza uwzględnianie stosownych metod postępowania w przypadku zaistnienia zagrożeń, aby ocenić słabe punkty i potencjalne skutki zakłócenia lub zniszczenia infrastruktury krytycznej. <ref>[http://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Portugal]] ==== | ||
+ | {{definition|Análise de risco, a ponderação dos cenários de ameaça relevantes, a fim de avaliar a vulnerabilidade e o potencial impacto da perturbação ou destruição de uma infra-estrutura crítica. <ref>[http://eur-lex.europa.eu/legal-content/PT/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Romania]] ==== | ||
+ | {{definition|Analiză de risc înseamnă analizarea scenariilor de amenințări semnificative, pentru a evalua vulnerabilitatea și impactul potențial al perturbării sau al distrugerii infrastructurii critice. <ref>[http://eur-lex.europa.eu/legal-content/RO/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Slovakia]] ==== | ||
+ | {{definition|Analýza rizík je zváženie relevantných scenárov hrozieb s cieľom posúdiť zraniteľné miesta a potenciálny vplyv naru¬ šenia alebo zničenia kritickej infraštruktúry. <ref> [http://eur-lex.europa.eu/legal-content/SK/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /> | ||
+ | {{definition|Analýza rizík: Proces podrobnej identifikácie rizík, určovania ich zdrojov a veľkosti, skúmania ich vzájomných vzťahov a predpovedania rozsahu negatívneho vplyvu na systém v prípade vzniku krízovej situácie. <ref>[http://archiv.vlada.gov.sk/old.uv/data/files/2365.doc BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Slovenia]] ==== | ||
+ | {{definition|Analiza tveganja pomeni obravnavo ustreznih scenarijev nevarnosti, da se ocenijo šibke točke in morebitne posledice okvare ali uničenja kritične infrastrukture. <ref> [http://eur-lex.europa.eu/legal-content/SL/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | ==== [[Spain]] ==== | ||
+ | {{definition|Análisis de riesgos, el estudio de hipótesis de amenazas posibles, para evaluar las vulnerabilidades y las posibles repercusiones de la perturbación o destrucción de [[Critical Infrastructure|infraestructuras críticas]]. <ref> [http://eur-lex.europa.eu/legal-content/ES/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br/> | ||
+ | {{definition|Análisis de riesgos: el estudio de las hipótesis de amenazas posibles necesario para determinar y evaluar las vulnerabilidades existentes en los diferentes sectores estratégicos y las posibles repercusiones de la perturbación o destrucción de las infraestructuras que le dan apoyo. <ref>[http://www.cnpic.es/Biblioteca/Legislacion/Generico/Ley_8-2011_PIC.pdf 7630 Ley 8/2011, de 28 de abril, por la que se establecen medidas para la protección de las infraestructuras críticas.]</ref>}}<br /><br /> | ||
+ | |||
+ | ==== [[Sweden]] ==== | ||
+ | {{definition|Riskanalys: övervägande av relevanta hotbilder, för att bedöma sårbarhet och potentiella konsekvenser av driftsstörning eller förstörelse av [[Critical Infrastructure|kritisk infrastruktur]]. <ref> [http://eur-lex.europa.eu/legal-content/SV/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | |||
+ | ==== [[Switzerland]]==== | ||
+ | {{definition|Die Risikoanalyse erfasst und beschreibt systematisch die [[Risk|Risiken]] in einem betrachteten System. <ref>[http://www.bevoelkerungsschutz.admin.ch/internet/bs/de/home/themen/ski/leitfaden.parsysrelated1.85483.DownloadFile.tmp/leitfadenski2015de.pdf Leitfaden Schutz kritischer Infrastrukturen 2015 / Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013]</ref>}} | ||
+ | Dazu gehört die Einschätzung der Höhe der [[Risk|Risiken]], oft in Form einer Einstufung der betrachteten Szenarien bzgl. ihrer [[Probability|Eintrittswahrscheinlichkeit]] und [[Impact|Schadensausmasses]]. | ||
+ | Die Risikoanalyse befasst sich mit der Frage «was kann passieren?».<br/> | ||
+ | {{definition|L’analyse des risques recense et décrit de manière systématique les [[risk|risques]] dans un système donné. <ref>[http://www.bevoelkerungsschutz.admin.ch/internet/bs/fr/home/themen/ski/aktuell.parsys.56506.DownloadFile.tmp/leitfadenski2015fr.pdf Guide pour la protection des infrastructures critiques]</ref>}} | ||
+ | L’appréciation du niveau des [[Risk|risques]], souvent sous forme d’une classification des scénarios considérés en function de leur [Probability|probabilité]] d’occurrence et de l’ampleur des dommages envisagés en fait partie. L’analyse des risques traite de la question «que peut-il arriver?». | ||
+ | <br/> | ||
+ | {{definition|L'analisi dei rischi rileva e descrive sistematicamente i [[Risk|rischi]] in un determinato sistema. <ref>[http://www.bevoelkerungsschutz.admin.ch/internet/bs/it/home/themen/gefaehrdungen-risiken.parsysrelated1.49227.downloadList.52339.DownloadFile.tmp/20130422glossarit.pdf Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013]</ref>}} | ||
+ | Vi rientra la stima del livello dei [[Risk|rischi]], spesso in forma di una classificazione degli scenari considerati in funzione della loro frequenza e dell’entità dei danni. L'analisi dei rischi cerca di rispondere alla domanda «che cosa potrebbe succedere?».<br/><br/> | ||
+ | ==== [[United Kingdom]] ==== | ||
+ | {{definition|Risk analysis means consideration of relevant threat scenarios, in order to assess the [[vulnerability]] and the potential [[impact]] of [[disruption]] or [[destruction]] of [[Critical Infrastructure|critical infrastructure]]. <ref> [http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32008L0114&from=EN Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.]</ref>}}<br /><br /> | ||
+ | |||
+ | ====[[United States]]==== | ||
+ | ===== [[DHS]] ===== | ||
+ | {{definition|Risk Analysis is the systematic examination of the components and characteristics of risk. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}<br /> | ||
+ | =====[[NIST]]===== | ||
+ | {{definition|The process of identifying [[risk|risks]] to organizational operations (including mission, functions, image, or reputation), organizational [[Asset|assets]], individuals, other organizations, and the Nation, arising through the operation of an information system. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Uruguay]]==== | ||
+ | {{definition|Análisis de riesgo: Método cualitativo o cuantitativo para la evaluación del impacto del [[Risk|riesgo]] en la toma de decisiones. <ref>[https://www.cert.uy/inicio/sobre_seguridad/glosario/ Glossary CERTuy]</ref>}}<br/><br/> | ||
===Standard Definition=== | ===Standard Definition=== | ||
+ | ====[[IETF]]==== | ||
+ | {{definition|An assessment process that systematically (a) identifies valuable system resources and [[Threat|threats]] to those resources, (b) quantifies loss [[Exposure|exposures]] (i.e., loss potential) based on estimated frequencies and costs of occurrence, and (c) (optionally) recommends how to allocate available resources to [[Countermeasure|countermeasures]] so as to minimize total exposure. <ref name="IETFrefs">[https://tools.ietf.org/html/rfc4949 IETF RFC449 Internet Security Glossary 2]</ref>}}<br /> | ||
+ | |||
+ | ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]]==== | ||
+ | {{definition|Process to comprehend the nature of [[risk]] and to determine the level of risk (based on the ISO Guide 73:2009) <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>}} | ||
+ | <big>Level of risk is expressed in terms of the combination of [[consequence|consequences]] and their [[likelihood]]. | ||
+ | * Risk analysis provides the basis for [[Risk Evaluation]] and decisions about [[Risk Treatment]]. | ||
+ | * Risk analysis includes [[Risk Estimation]].</big> | ||
+ | <br /> | ||
+ | === [[Dictionary]]=== | ||
+ | {{definition|Risicoanalyse: Methode om inzicht te krijgen in de risico's die je loopt. De onderzoeker kijkt daarbij onder andere naar het volgende:- hoe groot is de kans dat iets gebeurt? - hoe groot zijn de gevolgen als dat gebeurt? <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}}<br/><br/> | ||
+ | {{#set:defined by=Dictionary}} | ||
==See also== | ==See also== | ||
* [[Risk]] | * [[Risk]] | ||
+ | * [[Risk Estimation]] | ||
+ | * [[Risk Evaluation]] | ||
+ | * [[Risk Treatment]] | ||
+ | |||
==Notes== | ==Notes== | ||
+ | |||
+ | ==References== | ||
<references /> | <references /> | ||
− | |||
− | |||
− | |||
− | [[Category: | + | [[Category:Risk]][[Category:Analysis]][[Category:CIPRNet-Glossary]] |
+ | {{#set:defined by=Council of Europe|defined by=EU|defined by=ENISA|defined by=Argentina|defined by=Australia|defined by=Brazil|defined by=Canada|defined by=Austria|defined by=Bosnia and Herzegovina|defined by=Belgium|defined by=Bulgaria|defined by=Colombia|defined by=Croatia|defined by=Cyprus|defined by=Czech Republic|defined by=Denmark|defined by=El Salvador|defined by=Estonia|defined by=Finland|defined by=France|defined by=Gambia|defined by=Germany|defined by=Greece|defined by=Hungary|defined by=Ireland|defined by=Italy|defined by=Latvia|defined by= Lithuania|defined by=Luxembourg|defined by=Malta|defined by=Mexico|defined by=Morocco|defined by=Netherlands|defined by=Peru|defined by=Philippines|defined by=Poland|defined by=Portugal|defined by=Romania|defined by=Slovakia|defined by=Slovenia|defined by=Spain|defined by=Sweden|defined by=United Kingdom|defined by=India|defined by=United States|defined by=Uruguay|defined by=ISO|defined by=IETF|defined by=NIST|defined by=EU-project}} | ||
+ | {{#set: Showmainpage=Yes}} |
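Review bot: the Swiss French paragraph contains `[Probability|probabilité]]` with only one opening bracket, so the link is not parsed and the raw markup shows up in the rendered text; it should be `[[Probability|probabilité]]`, and "en function de" in the same sentence should read "en fonction de". In the IETF reference the label says "RFC449" while the URL points to rfc4949, so the label should be corrected to match the link. The first Slovak definition also carries a leftover line-break hyphenation mark in "naru¬ šenia" that should be joined into one word.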
Latest revision as of 00:55, 16 March 2023
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 European Project Definitions
- 1.3 National Definitions
- 1.3.1 Argentina
- 1.3.2 Australia
- 1.3.3 Austria
- 1.3.4 Belgium
- 1.3.5 Bosnia and Herzegovina
- 1.3.6 Brazil
- 1.3.7 Bulgaria
- 1.3.8 Canada
- 1.3.9 Colombia
- 1.3.10 Croatia
- 1.3.11 Cyprus
- 1.3.12 Czech Republic
- 1.3.13 Denmark
- 1.3.14 El Salvador
- 1.3.15 Estonia
- 1.3.16 Finland
- 1.3.17 France
- 1.3.18 Gambia
- 1.3.19 Germany
- 1.3.20 Greece
- 1.3.21 Hungary
- 1.3.22 India
- 1.3.23 Ireland
- 1.3.24 Italy
- 1.3.25 Latvia
- 1.3.26 Lithuania
- 1.3.27 Luxembourg
- 1.3.28 Malta
- 1.3.29 Mexico
- 1.3.30 Morocco
- 1.3.31 Netherlands
- 1.3.32 Peru
- 1.3.33 Philippines
- 1.3.34 Poland
- 1.3.35 Portugal
- 1.3.36 Romania
- 1.3.37 Slovakia
- 1.3.38 Slovenia
- 1.3.39 Spain
- 1.3.40 Sweden
- 1.3.41 Switzerland
- 1.3.42 United Kingdom
- 1.3.43 United States
- 1.3.44 Uruguay
- 1.4 Standard Definition
- 1.5 Dictionary
- 2 See also
- 3 Notes
- 4 References
Definitions
European Definitions
Council of Europe
Council Directive 2008/114/EC
ENISA
European Project Definitions
CIPRNet project
The CIPRNet project [4] uses the following definition:
National Definitions
Argentina
Australia
Austria
Belgium
Analyse de risques: examen des scénarios de menace pertinents destiné à évaluer les vulnérabilités d’infrastructures critiques et les impacts potentiels de leur arrêt ou destruction. [10]
Risikoanalyse die Prüfung relevanter Bedrohungsszenarien, um die Schwachstellen und mögliche Auswirkungen einer Störung oder Zerstörung kritischer Infrastrukturen zu bewerten. [11]
Bosnia and Herzegovina
Brazil
Bulgaria
Canada
Processus mis en œuvre pour comprendre la nature d’un risque et pour déterminer son niveau. [17]
Colombia
Croatia
Risk analysis indicates consideration of possible scenarios of threats to evaluate the vulnerability and the potential impact of disturbances in the critical infrastructure or its destruction.
Cyprus
(equals EU definition)
Czech Republic
Risk analysis: Process of understanding the nature of risks and establishing a risk level. [22]
Process of understanding the nature of risks and establishing a risk level. [24]
Denmark
El Salvador
Estonia
Finland
Risk analysis is the action for identifying risk and estimating the probability of a damaging event as well as anticipated damages. -unofficial translation- [31]
France
Gambia
Risk analysis includes risk estimation.
Germany
Greece
(equals EU definition)
Hungary
India
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Mexico
Cambios en uno o más de estos parámetros modifican el riesgo en sí mismo, es decir, el total de pérdidas esperadas y las consecuencias en un área determinada.
Morocco
Risk analysis: A set of coordinated activities aimed at directing and managing an organization with regard to risk in order to improve the security of IS, to justify the budget allocated to securing the IS and to prove the credibility of the information system using the analyses performed.
Netherlands
Risicoanalyse is een methode die inventariseert welke risico's er zijn, welke daarvan onacceptabel zijn en welke maatregelen de risico's kunnen reduceren. [54]
Risicoanalyse: Een proces dat bestaat uit drie componenten: risicoschatting, risicomanagement of manipulatie en risicocommunicatie.
Risk analysis: A process consisting of three components: Risk assessment, risk management and risk communication. [57]
Het leidt tot inzicht in de ernst en waarschijnlijkheid van die gebeurtenis en in de weerbaarheid van een organisatie tegen bedreigingen van vastgestelde belangen en uitval en verstoringen van vitale processen. Die weerbaarheid wordt afgemeten aan de maatregelen die zijn genomen om de kans op verstoring te verminderen en de gevolgen beheersbaar te maken.
Peru
El Análisis de Riesgo facilita la determinación del nivel del riesgo y la toma de decisiones.
Philippines
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Switzerland
Dazu gehört die Einschätzung der Höhe der Risiken, oft in Form einer Einstufung der betrachteten Szenarien bzgl. ihrer Eintrittswahrscheinlichkeit und Schadensausmasses.
Die Risikoanalyse befasst sich mit der Frage «was kann passieren?».
L’appréciation du niveau des risques, souvent sous forme d’une classification des scénarios considérés en fonction de leur probabilité d’occurrence et de l’ampleur des dommages envisagés en fait partie. L’analyse des risques traite de la question «que peut-il arriver?».
Vi rientra la stima del livello dei rischi, spesso in forma di una classificazione degli scenari considerati in funzione della loro frequenza e dell’entità dei danni. L'analisi dei rischi cerca di rispondere alla domanda «che cosa potrebbe succedere?».
United Kingdom
United States
DHS
NIST
Uruguay
Standard Definition
IETF
ISO/IEC 27000:2014 and ISO 31000:2009
Level of risk is expressed in terms of the combination of consequences and their likelihood.
- Risk analysis provides the basis for Risk Evaluation and decisions about Risk Treatment.
- Risk analysis includes Risk Estimation.
Dictionary
See also
Notes
References
- ↑ GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ ENISA Risk Glossary
- ↑ http://www.ciprnet.eu/
- ↑ SUBSECRETARÍA DE PROTECCIÓN CIVIL Y ABORDAJE INTEGRAL DE EMERGENCIAS Y CATÁSTROFES (1/2015)
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Australia AS NZS 5050 (2010)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama
- ↑ REGULAMENTO SOBRE GESTÃO DE RISCO DAS REDES DE TELECOMUNICAÇÕES E USO DE SERVIÇOS DE TELECOMUNICAÇÕES EM SITUAÇÕES DE EMERGÊNCIA E DESASTRES (2012)
- ↑ GLOSSÁRIO DE DEFESA CIVIL ESTUDOS DE RISCOS E MEDICINA DE DESASTRES, Ministério da Integração Nacional, Brazil
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Derived from ISO 31000:2009
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Glosario Policia Colombia
- ↑ Zakon o kritičnim infrastrukturama (Critical infrastructure act), 2013, in Official Gazette, No 56/2013 (Croat.)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ 22.0 22.1 [1]
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Cyber Security Explanatory Glossary (2013)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Bekendtgørelse om identifikation og udpegning af europæisk kritisk infrastruktur på energiområdet og vurdering af behovet for bedre beskyttelse (EPCIP-direktivet)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ HÅNDBOG I RISIKOBASERET DIMENSIONERING, Beredskabsstyrelsen, Denmark (2004)
- ↑ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Methode für die Risikoanalyse im Bevölkerungsschutz
- ↑ Glossar, Das Bundesamt für Bevölkerungsschutz und Katastrophenhilfe (BBK)
- ↑ BSI Glossary
- ↑ Προεδρικό Διάταγμα 39/2011 της Ελληνικής Δημοκρατίας που αφορά την προσαρμογή της ελληνικής νομοθεσίας προς τις διατάξεις τις οδηγίας 2008/114/ΕΚ του Συμβουλίου της Ευρωπαϊκής Ένωσης.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ DECRETO LEGISLATIVO 11 aprile 2011 , n. 61 Attuazione della Direttiva 2008/114/CE recante l'individuazione e la designazione delle infrastrutture critiche europee e la valutazione della necessita' di migliorarne la protezione. (11G0101
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ El Glosario Centro Nacional de prevencion de desastres (CENAPRED)
- ↑ STRATEGIE NATIONALE EN MATIERE DE CYBERSECURITE, Morocco, 2011
- ↑ DIRECTIVE NATIONALE DE LA SECURITE DES SYSTEMES D'INFORMATION, Morocco 2013
- ↑ Zakboekje Preventie Cybercrime (2008)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015
- ↑ Patiëntveiligheid Definitielijst (2005)
- ↑ Handreiking Cybercrime (2012)
- ↑ El Centro Nacional de Estimación, Prevención y Reducción del Riesgo de Desastres - CENEPRED, Glosario de Términos, Peru
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ BEZPEČNOSTNÁ RADA SLOVENSKEJ REPUBLIKY
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ 7630 Ley 8/2011, de 28 de abril, por la que se establecen medidas para la protección de las infraestructuras críticas.
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ Leitfaden Schutz kritischer Infrastrukturen 2015 / Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
- ↑ Guide pour la protection des infrastructures critiques
- ↑ Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
- ↑ Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
- ↑ Glossary CERTuy
- ↑ IETF RFC 4949 Internet Security Glossary 2
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ Cybersecurity Woordenboek 2021