Difference between revisions of "Risk Management"
(→USA) |
(→ISO/IEC 27000:2014) |
||
| Line 20: | Line 20: | ||
Risk management process is the systematic application of management policies, procedures and practices to the activities of | Risk management process is the systematic application of management policies, procedures and practices to the activities of | ||
communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | ||
| − | monitoring and reviewing [[risk]] | + | monitoring and reviewing [[risk]]<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> (based on the ISO Guide 73:2009<ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within |
the risk management process are termed ‘activities’. | the risk management process are termed ‘activities’. | ||
Revision as of 17:10, 21 May 2014
Contents
Definitions
Official European Definition
Other International Definitions
UNISDR
The systematic approach and practice of managing uncertainty to minimize potential harm and loss.[1]. According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.
National Definitions
USA
Process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost [2].
Prioritizing, evaluating, and implementing the appropriate risk -reducing controls/countermeasures recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)
Standard Definition
ISO/IEC 27000:2014
The standard defines risk management as "coordinated activities to direct and control an organization with regard to risk(based on the ISO Guide 73:2009) [3]. Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk[3] (based on the ISO Guide 73:2009[4]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.
