Risk Analysis

From CIPedia
Revision as of 01:07, 28 September 2016 by Eluiijf (Canada)

Definitions

European Definitions

Council Directive 2008/114/EC

The consideration of relevant threat scenarios, in order to assess the vulnerability and the potential impact of disruption or destruction of critical infrastructure. [1]


ENISA

Risk Analysis is the systematic use of information to identify sources and to estimate the risk (refers to ISO/IEC Guide 73). [2]



National Definitions

Australia

Risk analysis is a systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences. [3]


Process to comprehend the nature of risk and to determine the level of risk. [4]


Brazil

Risk analysis: analysis and evaluation of the vulnerabilities of the networks and systems that support the provision of services, based on a prioritisation of the elements needed to deliver those services. [5]


Canada

A process to comprehend the nature of a risk and to determine its level. [6]

Process carried out to understand the nature of a risk and to determine its level. [7]


Croatia

Risk analysis means the consideration of possible threat scenarios in order to evaluate the vulnerabilities and the potential impact of disruption to, or destruction of, critical infrastructure. [8]


Czech Republic

Process of understanding the nature of risk and determining the level of risk. [9]

Process of understanding the nature of risks and establishing a risk level. [10]


Greece

"Risk analysis" means the analysis of the relevant threat scenarios in order to assess the vulnerabilities and the potential consequences of the disruption of operation or the destruction of critical infrastructure. [11]

(equals EU definition)



Finland

Risk analysis: the activity in which risks are identified and the probability of a damaging event, as well as the expected damage, is estimated. (unofficial translation) [12]


India

Risk analysis is the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. [13]


Luxembourg

Risk analysis: examination of the relevant threat scenarios, intended to evaluate the vulnerabilities of critical infrastructures and the potential impacts of their shutdown or destruction. [14]


Netherlands

Risk analysis is a method which takes stock of which risks exist, which of them are unacceptable, and which measures can reduce those risks. [15]


Switzerland

Risk analysis systematically records and describes the risks in the system under consideration. [16]

This includes estimating the magnitude of the risks, often in the form of a rating of the scenarios considered by their probability of occurrence and the extent of damage. Risk analysis addresses the question "what can happen?".

The French [17] and Italian [18] versions of the same Swiss guidance give an equivalent definition.

United States

NIST

The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through the operation of an information system. [19]


Uruguay

Risk analysis: qualitative or quantitative method for evaluating the impact of risk in decision-making. [20]



Standard Definition

IETF

An assessment process that systematically (a) identifies valuable system resources and threats to those resources, (b) quantifies loss exposures (i.e., loss potential) based on estimated frequencies and costs of occurrence, and (c) (optionally) recommends how to allocate available resources to countermeasures so as to minimize total exposure. [21]


ISO/IEC 27000:2014 and ISO 31000:2009

Process to comprehend the nature of risk and to determine the level of risk (based on the ISO Guide 73:2009) [22] [23]

Level of risk is expressed in terms of the combination of consequences and their likelihood.
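The IETF steps (a) to (c) and the ISO statement that the level of risk combines consequence with likelihood, carried through as an added example that is not from CIPedia or from any of the cited standards: threats are listed per resource, exposure is frequency times cost per occurrence, and a fixed budget is spent greedily on the countermeasures that remove the most exposure per unit of cost. The resource and threat names, the figures and the greedy allocation rule are all constructed for illustration.

```python
# Constructed example (not CIPedia's or any cited standard's code); all figures invented.
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    resource: str     # (a) a valuable system resource
    name: str         # (a) a threat to that resource
    frequency: float  # estimated occurrences per year (likelihood)
    cost: float       # estimated loss per occurrence (consequence)
@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: float       # annual cost of the control
    reduces: str      # name of the threat it mitigates
    reduction: float  # fraction of that threat's frequency it removes (0..1)
def total_exposure(threats, chosen=()):
    """(b) Sum of loss exposures (frequency x cost, i.e. likelihood combined with
    consequence, the ISO 'level of risk') once the chosen countermeasures apply."""
    total = 0.0
    for t in threats:
        remaining = 1.0
        for c in chosen:
            if c.reduces == t.name:
                remaining *= 1.0 - c.reduction  # several controls on one threat stack
        total += t.frequency * t.cost * remaining
    return total
def allocate(threats, measures, budget):
    """(c) Greedy: keep buying the affordable control with the best exposure
    reduction per unit cost. A heuristic, not an optimal knapsack solver."""
    chosen, spent, candidates = [], 0.0, list(measures)
    while True:
        base = total_exposure(threats, chosen)
        gains = {c: base - total_exposure(threats, chosen + [c])
                 for c in candidates if spent + c.cost <= budget}
        useful = [c for c, g in gains.items() if g > 0]
        if not useful:
            return chosen, spent
        best = max(useful, key=lambda c: gains[c] / c.cost)
        chosen.append(best); spent += best.cost; candidates.remove(best)

THREATS = [  # constructed: per-year frequency, loss per occurrence
    Threat("SCADA historian", "ransomware", 0.2, 500_000),
    Threat("SCADA historian", "disk failure", 1.0, 20_000),
    Threat("control network", "phishing foothold", 2.0, 50_000),
]
MEASURES = [  # constructed: annual cost, threat mitigated, frequency reduction
    Countermeasure("offline backups", 15_000, "ransomware", 0.8),
    Countermeasure("RAID and spares", 5_000, "disk failure", 0.9),
    Countermeasure("phishing training", 20_000, "phishing foothold", 0.5),
    Countermeasure("MFA on remote access", 30_000, "phishing foothold", 0.7),
]
```

With a 50,000 budget the greedy pass buys the backups, the RAID and the training (40,000 spent) and brings total exposure from 220,000 down to 72,000; a larger budget also adds MFA, whose reduction stacks multiplicatively with the training on the same threat.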


See also

Notes

  1. Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection.
  2. ENISA Risk Glossary
  3. Australian Emergency Management Glossary, Emergency Management Australia (1998)
  4. Australia AS NZS 5050 (2010)
  5. REGULAMENTO SOBRE GESTÃO DE RISCO DAS REDES DE TELECOMUNICAÇÕES E USO DE SERVIÇOS DE TELECOMUNICAÇÕES EM SITUAÇÕES DE EMERGÊNCIA E DESASTRES (2012), http://www.itu.int/en/ITU-D/Cybersecurity/Documents/National_Strategies_Repository/Brazil_2012_Orig.pdf
  6. Derived from ISO 31000:2009
  7. Vocabulaire de la gestion des urgences / Emergency Management Vocabulary 281 (2012)
  8. Zakon o kritičnim infrastrukturama (Critical infrastructure act), 2013, in Official Gazette, No 56/2013 (Croat.)
  9. Výkladový slovník kybernetické bezpečnosti (2013), http://www.govcert.cz/download/nodeid-561
  10. Cyber Security Explanatory Glossary (2013)
  11. Presidential Decree 39/2011 of the Hellenic Republic adapting Greek legislation to the provisions of Council Directive 2008/114/EC of the European Union.
  12. Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
  13. India's DGQA Cyber Security Policy (2015)
  14. Règlement grand-ducal du 12 mars 2012 portant application de la directive 2008/114/CE du Conseil du 8 décembre 2008
  15. Zakboekje Preventie Cybercrime (2008)
  16. Leitfaden Schutz kritischer Infrastrukturen 2015 / Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013, http://www.bevoelkerungsschutz.admin.ch/internet/bs/de/home/themen/ski/leitfaden.parsysrelated1.85483.DownloadFile.tmp/leitfadenski2015de.pdf
  17. Guide pour la protection des infrastructures critiques
  18. Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
  19. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
  20. Glossary CERTuy
  21. IETF RFC 4949, Internet Security Glossary, Version 2
  22. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  23. ISO 31000:2009, Risk management -- Principles and guidelines