Risk Evaluation

From CIPedia
Revision as of 17:41, 21 May 2014 by Mtheocharidou (talk | contribs) (Created page with "==Definitions== === Official European Definition === === Other International Definitions === === National Definitions === ===Standard Definition=== ==== ISO/IEC 27000:20...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Definitions

Official European Definition

Other International Definitions

National Definitions

Standard Definition

ISO/IEC 27000:2014

Process of comparing the results of risk analysis with risk criteria to determine whether the riskand/or its magnitude is acceptable or tolerable [1](based on the ISO Guide 73:2009[2]).

  • Risk criteria are the terms of reference against which the significance of risk is evaluated [2]). They are based on organizational objectives, and external and internal context, and can be derived from standards, laws, policies and other requirements.
  • Risk evaluation assists in the decision about [Risk Treatment|risk treatment]].

See also

Notes

  1. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  2. 2.0 2.1 ISO Guide 73:2009 Risk management -- Vocabulary
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Risk_Evaluation&oldid=337"