Difference between revisions of "Risk Assessment"
Jump to navigation
Jump to search
(→Standard Definition) |
(→Poland) |
||
| Line 32: | Line 32: | ||
==== Poland ==== | ==== Poland ==== | ||
| − | {{definition|Risk assessment means the total risk analysis, which consists of: risk identification and determination of extent of risks, as well as the risk assessment process.<ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/copy_of_PO_NCSS.pdf CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013]</ref>}} | + | {{definition|Risk assessment means the total [[Risk Analysis|risk analysis]], which consists of: [[Risk identification|risk identification]] and determination of extent of risks, as well as the risk assessment process.<ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/copy_of_PO_NCSS.pdf CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013]</ref>}} |
<br /> | <br /> | ||
Revision as of 20:33, 25 April 2015
Contents
Definitions
European Definitions
Overall process of [1]
:
- hazard identification (identification of a risk source capable of causing adverse effects to humans or the environment),
- hazard characterization (quantitative evaluation of the nature of the adverse health effects associated with the hazard),
- exposure assessment (evaluation of the likely exposure of man and/or the environment to risk sources) and
- risk characterisation (estimation, including attendant uncertainties, of the probability of occurrence and severity of known or potential adverse health effects in a given population).
Other International Definitions
NATO CEP / EAPC
A process of evaluating threats to the vulnerabilities of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. [2].
UNISDR
A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend [3].
According to UNISDR, risk assessments (and associated risk mapping) include:
- a review of the technical characteristics of hazards such as their location,intensity, frequency and probability;
- the analysis of exposure and vulnerability including the physical social, health, economic and environmental dimensions;
- and the evaluation of the effectiveness of prevailing and alternative coping capacities in respect to likely risk scenarios.
This series of activities is sometimes known as a risk analysis process.
World Economic Forum
The process which an organization is engaged in to analyse, evaluate and understand the spectrum of risks, their potential likelihood and their severity in order to enable it to act to mitigate unacceptable risk to the organization. [4]
National Definitions
Czech Republic
Overall process of risk identification, risk analysis and risk assessment.[5]
Celkový proces identifikace rizik, analýzy rizik a hodnocení rizik.
Poland
Risk assessment means the total risk analysis, which consists of: risk identification and determination of extent of risks, as well as the risk assessment process.[6]
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
The standard defines risk assessment as
the "overall process of risk identification, risk analysis and risk evaluation[7] [8]. (based on the ISO Guide 73:2009[9]).
See also
Notes
- ↑ European Commission's CBRN Glossary, 2012
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ WEF Partnering for Cyber Resilience Guidelines 2012
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
