Difference between revisions of "Risk Identification"

From CIPedia
Jump to navigation Jump to search
(Australia)
Line 18: Line 18:
  
 
====Czech Republic====
 
====Czech Republic====
{{definition|Process of looking for, recognizing, and describing risks (Proces hledání, rozpoznávání a popisování rizik)<ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}}
+
{{definition|Process of looking for, recognizing, and describing risks (Proces hledání, rozpoznávání a popisování rizik). <ref> [http://www.govcert.cz/download/nodeid-3555/ Cyber Security Explanatory Glossary (2013)]</ref>}}
 
<br />
 
<br />
  
Line 24: Line 24:
 
==== ISO/IEC 27000:2014 and ISO 31000:2009 ====
 
==== ISO/IEC 27000:2014 and ISO 31000:2009 ====
 
<big>The standard defines risk assessment as</big>  
 
<big>The standard defines risk assessment as</big>  
{{definition|the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>. (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}}
+
{{definition|the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]. </ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref>. (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}
 
<big>
 
<big>
 
* Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
 
* Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
Line 44: Line 44:
  
 
[[Category:Risk]]
 
[[Category:Risk]]
 +
{{#set:defined by=Australia|defined by=Canada|defined by=Czech Republic|defined by=ISO}}

Revision as of 20:36, 10 June 2015

Definitions

European Definitions

Other International Definitions

National Definitions

Australia

Risk identification is the process of determining what can happen, why and how. [1]


Process of finding, recognizing and describing risks. [2]


Canada

The process of finding,recognizing and recording risk. [3]

Processus de recherche, de reconnaissance et d’enregistrement de risques. [4]


Czech Republic

Process of looking for, recognizing, and describing risks (Proces hledání, rozpoznávání a popisování rizik). [5]


Standard Definition

ISO/IEC 27000:2014 and ISO 31000:2009

The standard defines risk assessment as

the "process of finding, recognizing and describing risks" [6] [7]. (based on the ISO Guide 73:2009[8])

  • Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
  • Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.

See also


Notes