Difference between revisions of "Risk Management"
(→United States) |
(→National Definitions) |
||
| Line 14: | Line 14: | ||
=== National Definitions === | === National Definitions === | ||
| + | ==== Czech Republic ==== | ||
| + | {{definition|Risk management are coordinated activities to manage and control an organization in view of the risks.<ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} | ||
| + | Koordinované činnosti pro vedení a řízení organizace s ohledem na rizika.<br /> | ||
| + | |||
==== Germany ==== | ==== Germany ==== | ||
{{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.</ref>.}} | {{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.</ref>.}} | ||
Revision as of 10:31, 24 April 2015
Contents
Definitions
European Definitions
Other International Definitions
NATO CEP / EAPC
UNISDR
According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.
National Definitions
Czech Republic
Koordinované činnosti pro vedení a řízení organizace s ohledem na rizika.
Germany
United States
DHS
NIST
Standard Definition
ISO/IEC 27000:2014
The standard defines risk management as
Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk[7] (based on the ISO Guide 73:2009[8]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.
See also
- Disaster Risk
- Risk Analysis
- Risk Assessment
- Risk Identification
- Risk Transfer
- Risk Treatment
- Risk Mitigation
Notes
- ↑ European Commission's CBRN Glossary, 2012
- ↑ [NATO EAPC(SCEPC) lexicon.]
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ 7.0 7.1 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ 8.0 8.1 ISO Guide 73:2009 Risk management -- Vocabulary
