Difference between revisions of "Risk Management"

From CIPedia
Jump to navigation Jump to search
(See also)
(See also)
Line 25: Line 25:
 
* [[Risk Analysis]]
 
* [[Risk Analysis]]
 
* [[Risk Assessment]]
 
* [[Risk Assessment]]
 +
* [[Risk Transfer]]
 
* [[Risk Treatment]]
 
* [[Risk Treatment]]
 
* [[Mitigation]]
 
* [[Mitigation]]

Revision as of 16:50, 21 May 2014

Definitions

Official European Definition

Other International Definitions

UNISDR

[1].

National Definitions

USA

Process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost [2].


Standard Definition

ISO/IEC 27000:2014

The standard defines risk management as "coordinated activities to direct and control an organization with regard to risk(based on the ISO Guide 73:2009) [3]. Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk (based on the ISO Guide 73:2009)[3]. ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.


See also

Notes

  1. 2009 UNISDR Terminology on Disaster Risk Reduction
  2. DHS Risk Lexicon 2010 Edition, September 2010
  3. 3.0 3.1 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Risk_Management&oldid=310"