Difference between revisions of "Risk Identification"

From CIPedia
Jump to navigation Jump to search
(Definitions)
(Standard Definition)
Line 11: Line 11:
 
===Standard Definition===
 
===Standard Definition===
 
==== ISO/IEC 27000:2014 ====
 
==== ISO/IEC 27000:2014 ====
The standard defines risk assessment as the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).
+
<big>The standard defines risk assessment as</big>
 +
{{definition|the "process of finding, recognizing and describing [[risk|risks]]" <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}}
 +
<big>
 
* Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
 
* Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
* Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.
+
* Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.</big>
  
 
==See also==
 
==See also==

Revision as of 10:48, 17 June 2014

Definitions

European Definitions

Other International Definitions

National Definitions

Standard Definition

ISO/IEC 27000:2014

The standard defines risk assessment as

the "process of finding, recognizing and describing risks" [1](based on the ISO Guide 73:2009[2]).

  • Risk identification involves the identification of risk sources, events, their causes and their potential consequences.
  • Risk identification can involve historical data, theoretical analysis, informed and expert opinions, and stakeholders’ needs.

See also


Notes