Difference between revisions of "Risk Evaluation"

From CIPedia
Jump to navigation Jump to search
(ISO/IEC 27000:2014)
Line 11: Line 11:
 
===Standard Definition===
 
===Standard Definition===
 
==== ISO/IEC 27000:2014 ====
 
==== ISO/IEC 27000:2014 ====
the Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]]and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}}
+
{{definition|Process of comparing the results of [[Risk Analysis|risk analysis]] with risk criteria to determine whether the [[risk]]and/or its magnitude is acceptable or tolerable <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}}
 
<big>
 
<big>
 
* Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements.
 
* Risk criteria are the terms of reference against which the significance of [[risk]] is evaluated <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements.

Revision as of 11:48, 17 June 2014

Definitions

European Definitions

Other International Definitions

National Definitions

Standard Definition

ISO/IEC 27000:2014

Process of comparing the results of risk analysis with risk criteria to determine whether the riskand/or its magnitude is acceptable or tolerable [1](based on the ISO Guide 73:2009[2]).

  • Risk criteria are the terms of reference against which the significance of risk is evaluated [2]). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements.
  • Risk evaluation assists in the decision about risk treatment.

See also

Notes

  1. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  2. 2.0 2.1 ISO Guide 73:2009 Risk management -- Vocabulary
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Risk_Evaluation&oldid=1044"