Difference between revisions of "Risk Assessment"

==Definitions==

==Definitions==

=== European Definitions ===

=== European Definitions ===

{{definition|Overall process of:<br />* [[hazard]] identification (identification of a risk source capable of causing adverse effects to humans or the environment),<br />* [[hazard]] characterization (quantitative evaluation of the nature of the adverse health effects associated with the hazard),<br />* [[exposure]]  assessment (evaluation of the likely exposure of man and/or the environment to [[risk]] sources), and<br />* [[risk]] characterisation (estimation, including attendant uncertainties, of the [[probability]] of occurrence and [[severity]] of known or potential adverse health effects in a given population). <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}}<br />

{{definition|Overall process of:<br />* [[hazard]] identification (identification of a risk source capable of causing adverse effects to humans or the environment),<br />* [[hazard]] characterization (quantitative evaluation of the nature of the adverse health effects associated with the hazard),<br />* [[exposure]]  assessment (evaluation of the likely exposure of man and/or the environment to [[risk]] sources), and<br />* [[risk]] characterisation (estimation, including attendant uncertainties, of the [[probability]] of occurrence and [[severity]] of known or potential adverse health effects in a given population). <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}}<br />

=== Other International Definitions ===

=== Other International Definitions ===

{{definition|A process of evaluating threats to the [[vulnerability|vulnerabilities]] of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. <ref>NATO EAPC(SCEPC) lexicon 2003.</ref>}}

{{definition|A process of evaluating threats to the [[vulnerability|vulnerabilities]] of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. <ref>NATO EAPC(SCEPC) lexicon 2003.</ref>}}

<br />

<br />

{{definition|A methodology to determine the nature and extent of [[risk]] by analysing potential [[hazard|hazards]] and evaluating existing conditions of [[vulnerability]] that together could potentially [[harm]] exposed people, property, services, livelihoods and the environment on which they depend. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>}}

{{definition|A methodology to determine the nature and extent of [[risk]] by analysing potential [[hazard|hazards]] and evaluating existing conditions of [[vulnerability]] that together could potentially [[harm]] exposed people, property, services, livelihoods and the environment on which they depend. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>}}

<big>According to UNISDR, risk assessments (and associated risk mapping) include:  

<big>According to UNISDR, risk assessments (and associated risk mapping) include:  

=== National Definitions ===

=== National Definitions ===

{{definition|Overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br />

{{definition|Overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br />

{{definition|The overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]. <ref>Derived from ISO 31000:2009</ref><br /><br />Ensemble du processus d’identification de risques, d’analyse de risques et d’examen de risques. <ref name="canada">[http://www.bt-tb.tpsgc-pwgsc.gc.ca/publications/documents/urgence-emergency.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}}  

{{definition|The overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]. <ref>Derived from ISO 31000:2009</ref><br /><br />Ensemble du processus d’identification de risques, d’analyse de risques et d’examen de risques. <ref name="canada">[http://www.bt-tb.tpsgc-pwgsc.gc.ca/publications/documents/urgence-emergency.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}}  

<br />

<br />

{{definition|Risk assessment is an analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br />

{{definition|Risk assessment is an analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br />

{{definition|Risk assessment means the total [[Risk Analysis|risk analysis]], which consists of: risk identification and determination of extent of risks, as well as the risk assessment process. <ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/copy_of_PO_NCSS.pdf CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013]</ref>}}

{{definition|Risk assessment means the total [[Risk Analysis|risk analysis]], which consists of: risk identification and determination of extent of risks, as well as the risk assessment process. <ref>[http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/copy_of_PO_NCSS.pdf CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013]</ref>}}

<br />

<br />

{{definition|A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br />

{{definition|A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br />

{{definition|Risk Assessment is a structured and auditable process of identifying potentially significant [[event|events]], assessing their likelihood and impacts, and then combining these to provide an overall assessment of risk, as a basis for further decisions and action. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br />

{{definition|Risk Assessment is a structured and auditable process of identifying potentially significant [[event|events]], assessing their likelihood and impacts, and then combining these to provide an overall assessment of risk, as a basis for further decisions and action. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br />

{{definition|Risk Assessment is a product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}<br />

{{definition|Risk Assessment is a product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}<br />

===== NFPA-1600 =====

===== NFPA-1600 =====

===Standard Definition===

===Standard Definition===

<big>The standard defines risk assessment as</big>  

<big>The standard defines risk assessment as</big>  

{{definition|the "overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>    (based on the ISO Guide 73:2009 <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}<br />

{{definition|the "overall process of [[Risk Identification|risk identification]], [[Risk Analysis|risk analysis]] and [[Risk Evaluation|risk evaluation]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>    (based on the ISO Guide 73:2009 <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}<br />

===Other Definitions===

===Other Definitions===

{{definition|Risk assessment is a methodology to determine the nature and extent of risk by analyzing potential hazards and the evaluation of vulnerabilities and consequences.  <ref name="Ontario">[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref><br /><br />Évaluation des risques:  méthodologie visant à déterminer la nature et l’étendue des risques au moyen de l’analyse des risques potentiels et de l’évaluation des vulnérabilités et des conséquences. <ref name="Ontario">[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref>}}<br />

{{definition|Risk assessment is a methodology to determine the nature and extent of risk by analyzing potential hazards and the evaluation of vulnerabilities and consequences.  <ref name="Ontario">[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref><br /><br />Évaluation des risques:  méthodologie visant à déterminer la nature et l’étendue des risques au moyen de l’analyse des risques potentiels et de l’évaluation des vulnérabilités et des conséquences. <ref name="Ontario">[https://www.emergencymanagementontario.ca/english/emcommunity/response_resources/GlossaryOfTerms/glossary_of_terms.html Province of Ontario’s Emergency Management Glossary of Terms ]</ref>}}<br />

{{definition|The process which an organization is engaged in to analyse, evaluate and understand the spectrum of risks, their potential likelihood and their severity in order to enable it to act to mitigate unacceptable [[risk]] to the organization. <ref>[http://www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_2012.pdf WEF Partnering for Cyber Resilience Guidelines (2012)]</ref>}}<br />

{{definition|The process which an organization is engaged in to analyse, evaluate and understand the spectrum of risks, their potential likelihood and their severity in order to enable it to act to mitigate unacceptable [[risk]] to the organization. <ref>[http://www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_2012.pdf WEF Partnering for Cyber Resilience Guidelines (2012)]</ref>}}<br />

[[Category:Risk]]

[[Category:Risk]]