Difference between revisions of "Risk Identification"

From CIPedia
Jump to navigation Jump to search
(Australia)
(See also)
(18 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
==Definitions==
 
==Definitions==
 
=== European Definitions ===
 
=== European Definitions ===
 +
====[[ENISA]]====
 +
{{definition|Risk Identification is the process to find, list and characterize elements of [[risk]] (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br />
 +
=== European Project Definitions ===
 +
==== CIPRNet project ====
 +
{{quote-ciprnet|Risk identification is the process of finding, recognizing and describing [[risk]].}}<br/>
  
 
+
<!---
 
=== Other International Definitions ===
 
=== Other International Definitions ===
 
+
--->
  
 
=== National Definitions ===
 
=== National Definitions ===
==== Australia ====  
+
==== [[Australia]] ====  
 
{{definition| Risk identification is the process of determining what can happen, why and how.  <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}
 
{{definition| Risk identification is the process of determining what can happen, why and how.  <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}
 
<br />
 
<br />
  
 
{{definition|Process of finding, recognizing and describing risks. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br />
 
{{definition|Process of finding, recognizing and describing risks. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br />
 +
==== [[Bosnia and Herzegovina]] ====
 +
{{definition|Identifikacija rizika je proces pronalaženja, prepoznavanja i opisivanja rizika. (ISO 31010)  <ref>[http://www.msb.gov.ba/PDF/EU_SMJERNICE_ZA_PRCJENU_RIZIKA21122015.pdf RADNA VERZIJA OSOBLJA KOMISIJE: Procjena rizika i mapiranje smernice za upravljanje katastrofama]</ref>}}<br/><br/>
  
====Czech Republic====
+
==== [[Canada]] ====
{{definition|Process of looking for, recognizing, and describing risks (Proces hledání, rozpoznávání a popisování rizik)<ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}}
+
{{definition|The process of finding,recognizing and recording [[risk]]. <ref>Derived from ISO 31000:2009</ref><br /><br />Processus de recherche, de reconnaissance et d’enregistrement de risques. <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}}  
 
<br />
 
<br />
 +
==== [[Colombia]] ====
 +
{{definition|Identificatión del Riesgo: Proceso para encontrar, reconocer y describir el riesgo.  <ref>[https://www.policia.gov.co/glosario Glosario Policia Colombia]</ref>}}<br /><br/>
 +
 +
====[[Czech Republic]]====
 +
{{definition|Identifikace rizik: Proces hledání, rozpoznávání a popisování rizik.  <ref name=CZglos>[https://www.govcert.cz/download/slovnik/vykladovy_slovnik_KB_2_vydani.pdf]</ref><br/><br/>Risk identification: Process of looking for, recognizing, and describing [[Risk|risks]].  <ref name=CZglos>[https://www.govcert.cz/download/slovnik/vykladovy_slovnik_KB_2_vydani.pdf]</ref>}}<br/>
 +
 +
==== [[Denmark]] ====
 +
{{definition|Risikoidentifikation har til formål at kortlægge de risici, der findes i kommunen. Risikoidentifikation er en proces, der indeholder: identification af risikoobjekter og identifikation af hændelser. <ref>[HÅNDBOG I RISIKOBASERET DIMENSIONERING, Beredskabsstyrelsen, Denmark (2004)]</ref>}}<br /><br/>
 +
==== [[Finland]] ====
 +
{{definition|Risk Identification is a part of [[Risk Analysis]] through which [[risk|risks]] are identified and the probability of a damaging [[event]] is preliminary estimated.<br/><br/>Riskin kartoitus / riskikartoitus: Riskianalyysin osa, jonka avulla tunnistetaan riskit ja alustavasti arvioidaan vahinkotapahtuman todennäköisyys. <ref name="finland">[Palo- ja pelastussanasto. Helsinki: Suomen Pelastusalan Keskusjärjestö ry ja Suomen Palopäällystöliitto, 2006. 350 s. (TSK 33.) ISBN 951-797-215-6; Fire and Rescue Vocabulary. Helsinki: the Finnish National Rescue Association SPEK and the Finnish Association of Fire Chiefs, 2006. 350 p. (TSK 33.) ISBN 951-797-215-6 (In Finnish.)]</ref>}}<br />
 +
==== [[Luxembourg]] ====
 +
{{definition|Identification des risques: Processus de recherche, de reconnaissance et de description des risques.  <ref>[https://cybersecurite.public.lu/fr/glossaire.html Glossaire]</ref>}}<br/><br/>
 +
 +
==== [[Netherlands]]====
 +
{{definition|[Dutch] Risico-identificatie is het proces van opsporen, herkennen en beschrijven van [[Risk|risico’s]]. <ref>[https://www.brandweer.nl/publish/pages/risico_beoordeling_16_0_bhm_2015.pdf Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015]</ref>}}<br /><br/>
 +
====[[United States]]====
 +
===== [[DHS]] =====
 +
{{definition|Risk identification is the process of finding, recognizing, and describing potential risks. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}<br />
  
 
===Standard Definition===
 
===Standard Definition===
==== ISO/IEC 27000:2014 and ISO 31000:2009 ====
+
==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009 ]]====
 
<big>The standard defines risk assessment as</big>  
 
<big>The standard defines risk assessment as</big>  
{{definition|the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>. (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}}
+
{{definition|the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]. </ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>. (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}
 
<big>
 
<big>
 
* Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
 
* Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
* Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.</big>
+
* Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and [[stakeholder]]s’ needs.</big>
  
 +
=== [[Dictionary]]===
 +
{{definition|Risico identificatie: Het in kaart brengen van de mogelijke risico's waaraan een organisatie of systeem is blootgesteld.  <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}}<br/><br/>
 +
{{#set:defined by=Dictionary}}
 
==See also==
 
==See also==
 
* [[Risk]]
 
* [[Risk]]
Line 30: Line 58:
 
* [[Risk Assessment]]
 
* [[Risk Assessment]]
 
* [[Risk Evaluation]]
 
* [[Risk Evaluation]]
 
  
 
==Notes==
 
==Notes==
Line 39: Line 66:
 
* Test reference. -->
 
* Test reference. -->
  
[[Category:Risk]]
+
[[Category:Risk]][[Category:CIPRNet-Glossary]]
 +
{{#set:defined by=ENISA|defined by=Australia|defined by=Bosnia and Herzegovina|defined by=Canada|defined by=Colombia|
 +
defined by=Czech Republic|defined by=Denmark|defined by=Finland|defined by=Luxembourg|defined by=Netherlands|defined by=United States|defined by=DHS|defined by=ISO|defined by=EU-project}}
 +
{{#set: Showmainpage=Yes}}

Revision as of 22:20, 19 February 2022

Definitions

European Definitions

ENISA

Risk Identification is the process to find, list and characterize elements of risk (refers to ISO/IEC Guide 73). [1]


European Project Definitions

CIPRNet project

The CIPRNet project [2] uses the following definition:

Risk identification is the process of finding, recognizing and describing risk.



National Definitions

Australia

Risk identification is the process of determining what can happen, why and how. [3]


Process of finding, recognizing and describing risks. [4]


Bosnia and Herzegovina

Identifikacija rizika je proces pronalaženja, prepoznavanja i opisivanja rizika. (ISO 31010) [5]



Canada

The process of finding,recognizing and recording risk. [6]

Processus de recherche, de reconnaissance et d’enregistrement de risques. [7]


Colombia

Identificatión del Riesgo: Proceso para encontrar, reconocer y describir el riesgo. [8]



Czech Republic

Identifikace rizik: Proces hledání, rozpoznávání a popisování rizik. [9]

Risk identification: Process of looking for, recognizing, and describing risks. [9]


Denmark

Risikoidentifikation har til formål at kortlægge de risici, der findes i kommunen. Risikoidentifikation er en proces, der indeholder: identification af risikoobjekter og identifikation af hændelser. [10]



Finland

Risk Identification is a part of Risk Analysis through which risks are identified and the probability of a damaging event is preliminary estimated.

Riskin kartoitus / riskikartoitus: Riskianalyysin osa, jonka avulla tunnistetaan riskit ja alustavasti arvioidaan vahinkotapahtuman todennäköisyys. [11]


Luxembourg

Identification des risques: Processus de recherche, de reconnaissance et de description des risques. [12]



Netherlands

[Dutch] Risico-identificatie is het proces van opsporen, herkennen en beschrijven van risico’s. [13]



United States

DHS
Risk identification is the process of finding, recognizing, and describing potential risks. [14]


Standard Definition

ISO/IEC 27000:2014 and ISO 31000:2009

The standard defines risk assessment as

the "process of finding, recognizing and describing risks" [15] [16]. (based on the ISO Guide 73:2009[17])

  • Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
  • Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.

Dictionary

Risico identificatie: Het in kaart brengen van de mogelijke risico's waaraan een organisatie of systeem is blootgesteld. [18]



See also

Notes