Difference between revisions of "Risk Evaluation"
Jump to navigation
Jump to search
(→ISO/IEC 27000:2014) |
|||
Line 11: | Line 11: | ||
===Standard Definition=== | ===Standard Definition=== | ||
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
− | + | {{definition|Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]]and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} | |
<big> | <big> | ||
* Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements. | * Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements. |
Revision as of 11:48, 17 June 2014
Contents
Definitions
European Definitions
Other International Definitions
National Definitions
Standard Definition
ISO/IEC 27000:2014
Process of comparing the results of risk analysis with risk criteria to determine whether the riskand/or its magnitude is acceptable or tolerable [1](based on the ISO Guide 73:2009[2]).
- Risk criteria are the terms of reference against which the significance of risk is evaluated [2]). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements.
- Risk evaluation assists in the decision about risk treatment.