Difference between revisions of "Risk Assessment"
Jump to navigation
Jump to search
(→Standard Definition) |
|||
| Line 9: | Line 9: | ||
=== Other International Definitions === | === Other International Definitions === | ||
==== NATO CEP / EAPC ==== | ==== NATO CEP / EAPC ==== | ||
| − | {{definition|A process of evaluating threats to the [[vulnerability|vulnerabilities]] of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. <ref>NATO EAPC(SCEPC) lexicon 2003.</ref> | + | {{definition|A process of evaluating threats to the [[vulnerability|vulnerabilities]] of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. <ref>NATO EAPC(SCEPC) lexicon 2003.</ref>}} |
<br /> | <br /> | ||
==== UNISDR ==== | ==== UNISDR ==== | ||
| − | {{definition|A methodology to determine the nature and extent of [[risk]] by analysing potential [[hazard|hazards]] and evaluating existing conditions of [[vulnerability]] that together could potentially [[harm]] exposed people, property, services, livelihoods and the environment on which they depend <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref> | + | {{definition|A methodology to determine the nature and extent of [[risk]] by analysing potential [[hazard|hazards]] and evaluating existing conditions of [[vulnerability]] that together could potentially [[harm]] exposed people, property, services, livelihoods and the environment on which they depend. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>}} |
<big>According to UNISDR, risk assessments (and associated risk mapping) include: | <big>According to UNISDR, risk assessments (and associated risk mapping) include: | ||
* a review of the technical characteristics of [[hazard|hazards]] such as their location,intensity, frequency and [[probability]]; | * a review of the technical characteristics of [[hazard|hazards]] such as their location,intensity, frequency and [[probability]]; | ||
| Line 28: | Line 28: | ||
=== National Definitions === | === National Definitions === | ||
==== Czech Republic ==== | ==== Czech Republic ==== | ||
| − | {{definition|Overall process of risk identification, [[Risk Analysis|risk analysis]] and risk assessment.<ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} | + | {{definition|Overall process of risk identification, [[Risk Analysis|risk analysis]] and risk assessment. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} |
Celkový proces identifikace rizik, analýzy rizik a hodnocení rizik.<br /> | Celkový proces identifikace rizik, analýzy rizik a hodnocení rizik.<br /> | ||
==== Poland ==== | ==== Poland ==== | ||
| − | {{definition|Risk assessment means the total [[Risk Analysis|risk analysis]], which consists of: risk identification and determination of extent of risks, as well as the risk assessment process.<ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/copy_of_PO_NCSS.pdf CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013]</ref>}} | + | {{definition|Risk assessment means the total [[Risk Analysis|risk analysis]], which consists of: risk identification and determination of extent of risks, as well as the risk assessment process. <ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/copy_of_PO_NCSS.pdf CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013]</ref>}} |
<br /> | <br /> | ||
| + | |||
| + | ====United Kingdom (UK)==== | ||
| + | {{definition|Risk Assessment is a structured and auditable process of identifying potentially significant [[events]], assessing their likelihood and impacts, and then combining these to provide an overall assessment of risk, as a basis for further decisions and action. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /> | ||
===Other Definitions=== | ===Other Definitions=== | ||
==== Ontario (Canada) ==== | ==== Ontario (Canada) ==== | ||
| − | {{definition|Risk assessment is a methodology to determine the nature and extent of risk by analyzing potential hazards and the evaluation of vulnerabilities and consequences. <ref>[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref>}}<br /> | + | {{definition|Risk assessment is a methodology to determine the nature and extent of risk by analyzing potential hazards and the evaluation of vulnerabilities and consequences. <ref>[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref>}}<br /> |
{{definition|Évaluation des risques: méthodologie visant à déterminer la nature et l’étendue des risques au moyen de l’analyse des risques potentiels et de l’évaluation des vulnérabilités et des conséquences. <ref>[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref>}}<br /> | {{definition|Évaluation des risques: méthodologie visant à déterminer la nature et l’étendue des risques au moyen de l’analyse des risques potentiels et de l’évaluation des vulnérabilités et des conséquences. <ref>[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref>}}<br /> | ||
| Line 43: | Line 46: | ||
==== ISO/IEC 27000:2014 and ISO 31000:2009 ==== | ==== ISO/IEC 27000:2014 and ISO 31000:2009 ==== | ||
<big>The standard defines risk assessment as</big> | <big>The standard defines risk assessment as</big> | ||
| − | {{definition|the "overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>. (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>) | + | {{definition|the "overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>. (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}} |
==See also== | ==See also== | ||
Revision as of 00:02, 25 May 2015
Contents
Definitions
European Definitions
Overall process of [1]
:
- hazard identification (identification of a risk source capable of causing adverse effects to humans or the environment),
- hazard characterization (quantitative evaluation of the nature of the adverse health effects associated with the hazard),
- exposure assessment (evaluation of the likely exposure of man and/or the environment to risk sources) and
- risk characterisation (estimation, including attendant uncertainties, of the probability of occurrence and severity of known or potential adverse health effects in a given population).
Other International Definitions
NATO CEP / EAPC
A process of evaluating threats to the vulnerabilities of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. [2]
UNISDR
A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [3]
According to UNISDR, risk assessments (and associated risk mapping) include:
- a review of the technical characteristics of hazards such as their location,intensity, frequency and probability;
- the analysis of exposure and vulnerability including the physical social, health, economic and environmental dimensions;
- and the evaluation of the effectiveness of prevailing and alternative coping capacities in respect to likely risk scenarios.
This series of activities is sometimes known as a risk analysis process.
World Economic Forum
The process which an organization is engaged in to analyse, evaluate and understand the spectrum of risks, their potential likelihood and their severity in order to enable it to act to mitigate unacceptable risk to the organization. [4]
National Definitions
Czech Republic
Overall process of risk identification, risk analysis and risk assessment. [5]
Celkový proces identifikace rizik, analýzy rizik a hodnocení rizik.
Poland
Risk assessment means the total risk analysis, which consists of: risk identification and determination of extent of risks, as well as the risk assessment process. [6]
United Kingdom (UK)
Risk Assessment is a structured and auditable process of identifying potentially significant events, assessing their likelihood and impacts, and then combining these to provide an overall assessment of risk, as a basis for further decisions and action. [7]
Other Definitions
Ontario (Canada)
Risk assessment is a methodology to determine the nature and extent of risk by analyzing potential hazards and the evaluation of vulnerabilities and consequences. [8]
Évaluation des risques: méthodologie visant à déterminer la nature et l’étendue des risques au moyen de l’analyse des risques potentiels et de l’évaluation des vulnérabilités et des conséquences. [9]
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
The standard defines risk assessment as
the "overall process of risk identification, risk analysis and risk evaluation. [10] [11]. (based on the ISO Guide 73:2009[12])
See also
Notes
- ↑ European Commission's CBRN Glossary, 2012
- ↑ NATO EAPC(SCEPC) lexicon 2003.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ WEF Partnering for Cyber Resilience Guidelines 2012
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ Province of Ontario’s Emergency Management Glossary of Terms
- ↑ Province of Ontario’s Emergency Management Glossary of Terms
- ↑ ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
