Risk Assessment

From CIPedia
Revision as of 21:21, 30 November 2016 by Eluiijf (talk | contribs) (1313/2013/EC)

Definitions

European Definitions

EU

CBRN Glossary
Overall process of:
* hazard identification (identification of a risk source capable of causing adverse effects to humans or the environment),
* hazard characterization (quantitative evaluation of the nature of the adverse health effects associated with the hazard),
* exposure assessment (evaluation of the likely exposure of man and/or the environment to risk sources), and
* risk characterisation (estimation, including attendant uncertainties, of the probability of occurrence and severity of known or potential adverse health effects in a given population). [1]


1313/2013/EC
Risk assessment means the overall cross-sectoral process of risk identification, risk analysis, and risk evaluation undertaken at national or appropriate sub-national level. [2]



ENISA

Risk Assessment is a scientific and technologically based process consisting of three steps, risk identification, risk analysis and risk evaluation. [3]


Other International Definitions

CARICOM

Risk assessment is a methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [4]


NATO CEP / EAPC

A process of evaluating threats to the vulnerabilities of an asset to give an expert opinion on the probability of loss or damage and its impact, as a guide to taking action. [5]


UNISDR

A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [6]

According to UNISDR, risk assessments (and associated risk mapping) include:

  • a review of the technical characteristics of hazards such as their location, intensity, frequency and probability;
  • the analysis of exposure and vulnerability including the physical, social, health, economic and environmental dimensions;
  • and the evaluation of the effectiveness of prevailing and alternative coping capacities in respect of likely risk scenarios.

This series of activities is sometimes known as a risk analysis process.


National Definitions

Australia

Overall process of risk identification, risk analysis and risk evaluation. [7]


Canada

The overall process of risk identification, risk analysis and risk evaluation. [8]

The overall process of risk identification, risk analysis and risk evaluation. [9]


Czech Republic

Risk assessment: The overall process of risk identification, risk analysis and risk evaluation. [10]

Risk assessment is the overall process of risk identification, risk analysis and risk assessment. [11]


India

Risk assessment is an analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events. [12]


Ireland

Risk assessment is a systematic process of identifying and evaluating, either qualitatively or quantitatively, the risk resulting from specific hazards. [13]


Japan

Risk assessment: A process that systematically identifies valuable system resources and the threats to those resources, quantifies loss exposure (i.e., the potential for loss) based on estimated frequency and cost of occurrence, and (optionally) recommends how to allocate resources to countermeasures so as to minimize total exposure.

(Cyber) A process that systematically identifies valuable system resources and threats to those resources, quantifies loss exposures (i.e., loss potential) based on estimated frequencies and costs of occurrence, and (optionally) recommends how to allocate resources to countermeasures so as to minimize total exposure. [14]


Poland

Risk assessment means the total risk analysis, which consists of: risk identification and determination of extent of risks, as well as the risk assessment process. [15]


Republic of Trinidad & Tobago

A methodology to determine the nature and extent of risk by analysing potential hazards and evaluating existing conditions of vulnerability that together could potentially harm exposed people, property, services, livelihoods and the environment on which they depend. [16]


Switzerland

Risk assessment comprises the process of risk analysis and risk evaluation. [17]

Risk assessment encompasses the process of risk analysis and risk evaluation. [18]

Risk assessment comprises the process of risk analysis and risk evaluation. [19]


United Kingdom (UK)

Risk Assessment is a structured and auditable process of identifying potentially significant events, assessing their likelihood and impacts, and then combining these to provide an overall assessment of risk, as a basis for further decisions and action. [20]


Risk Assessment is an analysis of risks and their impacts to provide information for decision making. [21]

Often, risk assessment will consider a particular impacted [party], like a building or population. The process usually includes identifying hazards which could have an impact; and assessing the likelihoods and severities of impacts.

United States

DHS
Risk Assessment is a product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. [22]


NFPA-1600
Process of hazard identification, probability analysis, vulnerability analysis, and impacts analysis. [23]


NIST
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. [24]



Standard Definition

ISO/IEC 27000:2014 and ISO 31000:2009

Both standards define risk assessment as

the "overall process of risk identification, risk analysis and risk evaluation". [25] [26] (based on ISO Guide 73:2009 [27])


Other Definitions

Ontario (Canada)

Risk assessment is a methodology to determine the nature and extent of risk by analyzing potential hazards and the evaluation of vulnerabilities and consequences. [28]

Risk assessment: a methodology for determining the nature and extent of risk by analysing potential hazards and evaluating vulnerabilities and consequences. [28]


World Economic Forum

The process which an organization is engaged in to analyse, evaluate and understand the spectrum of risks, their potential likelihood and their severity in order to enable it to act to mitigate unacceptable risk to the organization. [29]


See also

Notes

  1. European Commission's CBRN Glossary, 2012
  2. DECISION No 1313/2013/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 December 2013 on a Union Civil Protection Mechanism - EN
  3. ENISA Risk Glossary
  4. Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
  5. NATO EAPC(SCEPC) lexicon 2003.
  6. 2009 UNISDR Terminology on Disaster Risk Reduction
  7. Australia AS NZS 5050 (2010)
  8. Derived from ISO 31000:2009
  9. Vocabulaire de la gestion des urgences / Emergency Management Vocabulary 281 (2012)
  10. Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
  11. Výkladový slovník kybernetické bezpečnosti (2013)
  12. India's DGQA Cyber Security Policy (2015)
  13. A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
  14. RFC2828 (Japanese translation)
  15. CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND, 2013
  16. Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
  17. Glossar der Risikobegriffe, Bundesamt für Bevölkerungsschutz BABS, 29.4.2013
  18. Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
  19. Glossario sui rischi, Ufficio federale della protezione della popolazione UFPP, 29.4.2013
  20. Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
  21. The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
  22. DHS Risk Lexicon 2010 Edition, September 2010
  23. NFPA-1600
  24. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
  25. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  26. ISO 31000:2009, Risk management -- Principles and guidelines
  27. ISO Guide 73:2009 Risk management -- Vocabulary
  28. Province of Ontario’s Emergency Management Glossary of Terms
  29. WEF Partnering for Cyber Resilience Guidelines (2012)