Difference between revisions of "Risk Evaluation"
(→Definitions)
Line 11: | Line 11: | ||
===Standard Definition=== | ===Standard Definition=== | ||
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
− | Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]]and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). | + | the Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]]and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} |
− | + | <big> | |
* Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements. | * Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements. | ||
− | * Risk evaluation assists in the decision about [[Risk Treatment|risk treatment]]. | + | * Risk evaluation assists in the decision about [[Risk Treatment|risk treatment]].</big> |
==See also== | ==See also== |
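Review bot: the replacement line for the ISO/IEC 27000:2014 definition ends with a stray `}}` after the ISO Guide 73:2009 citation that has no matching opening braces anywhere in the hunk, so it will render as literal braces in the article; the same line also lowercases the sentence start to `the Process`, which should read `The process`. Suggest dropping the trailing `}}` and restoring the capitalisation. The `<big>` opened on the following added line and closed after the second bullet changes only the font size of the two bullets and is better removed as well. Both the old and the new version also lack a space in `[[risk]]and/or`, and the first bullet has an unbalanced `)` after the ISO Guide 73 reference, which this edit leaves in place.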
Revision as of 11:47, 17 June 2014
Standard Definition
ISO/IEC 27000:2014
The process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable [1] (based on the ISO Guide 73:2009 [2]).
- Risk criteria are the terms of reference against which the significance of risk is evaluated [2]. They are based on organizational objectives and on the external and internal context, and can be derived from standards, laws, policies and other requirements.
- Risk evaluation assists in the decision about risk treatment.