Difference between revisions of "Risk Management"
(Created page with "==Definitions== === Official European Definition === === Other International Definitions === ==== UNISDR ==== <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEngli...") |
|||
Line 13: | Line 13: | ||
===Standard Definition=== | ===Standard Definition=== | ||
− | + | ==== ISO/IEC 27000:2014 ==== | |
− | + | The standard defines risk management as "coordinated activities to direct and control an organization with regard to [[risk]](based on the ISO Guide 73:2009) <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. | |
− | + | Risk management process is the systematic application of management policies, procedures and practices to the activities of | |
+ | communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | ||
+ | monitoring and reviewing [[risk]] (based on the ISO Guide 73:2009)<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>. ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within | ||
+ | the risk management process are termed ‘activities’. | ||
Revision as of 16:48, 21 May 2014
Contents
Definitions
Official European Definition
Other International Definitions
UNISDR
[1].
National Definitions
USA
Process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost [2].
Standard Definition
ISO/IEC 27000:2014
The standard defines risk management as "coordinated activities to direct and control an organization with regard to risk(based on the ISO Guide 73:2009) [3]. Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk (based on the ISO Guide 73:2009)[3]. ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.