Difference between revisions of "Risk Management"
Jump to navigation
Jump to search
(→Notes) |
|||
| Line 1: | Line 1: | ||
==Definitions== | ==Definitions== | ||
=== European Definitions === | === European Definitions === | ||
| + | ==== [[EU]]==== | ||
{{definition|[CBRN] The process, distinct from [[Risk Assessment]], of weighing policy alternatives, in consultation with all interested parties, considering risk assessment and other factors relevant for the health protection of workers and consumers, the protection of the environment and for the promotion of fair trade practices, and, if needed, selecting appropriate [[prevention]] and [[control]] options. <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}} | {{definition|[CBRN] The process, distinct from [[Risk Assessment]], of weighing policy alternatives, in consultation with all interested parties, considering risk assessment and other factors relevant for the health protection of workers and consumers, the protection of the environment and for the promotion of fair trade practices, and, if needed, selecting appropriate [[prevention]] and [[control]] options. <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}} | ||
=== Other International Definitions === | === Other International Definitions === | ||
| − | ==== NATO CEP / EAPC ==== | + | ==== [[NATO|NATO CEP / EAPC]] ==== |
{{definition|A deliberate process of understanding [[risk]] and deciding upon and implementing actions to reduce risk to a defined level, which is an acceptable level of [[risk]] at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with an assigned level. <ref>[NATO EAPC(SCEPC) lexicon.]</ref>}} | {{definition|A deliberate process of understanding [[risk]] and deciding upon and implementing actions to reduce risk to a defined level, which is an acceptable level of [[risk]] at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with an assigned level. <ref>[NATO EAPC(SCEPC) lexicon.]</ref>}} | ||
<br /> | <br /> | ||
| − | ==== UNISDR ==== | + | ==== [[UNISDR]] ==== |
{{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and [[loss]]. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>}} | {{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and [[loss]]. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>}} | ||
| Line 14: | Line 15: | ||
=== National Definitions === | === National Definitions === | ||
| − | ==== Australia ==== | + | ==== [[Australia]] ==== |
{{definition| Risk management is the systematic application of management policies, procedures and practices to the tasks of [[Risk Identification| identifying]], analyzing, [[Risk Evaluation|evaluating]], treating and monitoring risk. <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}} | {{definition| Risk management is the systematic application of management policies, procedures and practices to the tasks of [[Risk Identification| identifying]], analyzing, [[Risk Evaluation|evaluating]], treating and monitoring risk. <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}} | ||
<br /> | <br /> | ||
| Line 20: | Line 21: | ||
{{definition|Coordinated activities to direct and control an organization with regard to risk. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br /> | {{definition|Coordinated activities to direct and control an organization with regard to risk. <ref> [http://www.risknz.org.nz/files/3114/0868%2F4596%2F5050-2010.pdf Australia AS NZS 5050 (2010)]</ref>}}<br /> | ||
| − | ==== Canada ==== | + | ==== [[Canada]] ==== |
{{definition| Risk management is the use of policies, practices and resources to analyze, assess and control risks to health, safety, environment and the economy.<br /><br />Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. <ref> [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition) </ref> <ref name="canada">[http://www.bt-tb.tpsgc-pwgsc.gc.ca/publications/documents/urgence-emergency.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} | {{definition| Risk management is the use of policies, practices and resources to analyze, assess and control risks to health, safety, environment and the economy.<br /><br />Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. <ref> [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition) </ref> <ref name="canada">[http://www.bt-tb.tpsgc-pwgsc.gc.ca/publications/documents/urgence-emergency.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} | ||
<br /> | <br /> | ||
| − | ==== Czech Republic ==== | + | ==== [[Czech Republic]] ==== |
| − | {{definition|Risk management are coordinated activities to manage and control an organization in view of the risks. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} | + | {{definition|Řízení rizik: Koordinované činnosti pro vedení a řízení organizace s ohledem na rizika. <ref> http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/>Risk management are coordinated activities to manage and control an organization in view of the risks. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} |
| − | + | <br /> | |
| − | ====Finland==== | + | ====[[Finland]]==== |
{{definition|Riskienhallinta: järjestelmällinen toiminta, joka sisältää riskianalyysin sekä tarvittavien toimenpiteiden suunnittelun, toteutuksen, seurannan ja korjaavat toimenpiteet.<br/><br/>Risk management is a systematic action which includes [[Risk Analysis|risk analysis]] as well as the planning, execution and follow-up of operations needed and the corrective operations. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /> | {{definition|Riskienhallinta: järjestelmällinen toiminta, joka sisältää riskianalyysin sekä tarvittavien toimenpiteiden suunnittelun, toteutuksen, seurannan ja korjaavat toimenpiteet.<br/><br/>Risk management is a systematic action which includes [[Risk Analysis|risk analysis]] as well as the planning, execution and follow-up of operations needed and the corrective operations. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /> | ||
| − | ==== Germany ==== | + | ==== [[Germany]] ==== |
{{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.</ref>}} | {{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.</ref>}} | ||
<br /> | <br /> | ||
| − | ====India==== | + | ====[[India]]==== |
{{definition|Risk management ''(in ICT)'' is the total process of identifying, controlling, and eliminating or minimizing uncertain [[event|events]] that may affect IT system resources. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> | {{definition|Risk management ''(in ICT)'' is the total process of identifying, controlling, and eliminating or minimizing uncertain [[event|events]] that may affect IT system resources. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> | ||
| − | ==== Netherlands==== | + | ==== [[Netherlands]]==== |
{{definition|Risk management is the process that aims to identify and control the [[risk]].<br/><br/>Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br /> | {{definition|Risk management is the process that aims to identify and control the [[risk]].<br/><br/>Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br /> | ||
| − | ==== New Zealand ==== | + | ==== [[New Zealand]] ==== |
{{definition|Risk management is the process of analysing exposure to [[risk]], and determining how to manage that exposure. <ref name="CIMS">[http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)]</ref>}} | {{definition|Risk management is the process of analysing exposure to [[risk]], and determining how to manage that exposure. <ref name="CIMS">[http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)]</ref>}} | ||
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk). <br /> | The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk). <br /> | ||
| − | ==== Republic of Trinidad & Tobago ==== | + | ==== [[Republic of Trinidad & Tobago]] ==== |
{{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and loss. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br /> | {{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and loss. <ref>[http://www.odpm.gov.tt/sites/default/files/Comprehensive%20Disaster%20Management%20Policy%20Framework%20for%20Trinidad%20and%20Tobago.pdf Comprehensive Disaster Management Policy Framework for Trinidad and Tobago]</ref>}}<br /> | ||
| − | ==== Romania ==== | + | ==== [[Romania]] ==== |
{{definition|Risk management (''in ICT'') is a complex, continuous and flexible identification, evaluation and fighting of [[Cyber Security|cyber security]] [[Risk|risks]], based on the use of complex tools and techniques to prevent losses of any kind.<br/><br/>Managementul riscului: un proces complex, continuu şi flexibil de identificare, evaluare şi contracarare a riscurilor la adresa securităţii cibernetice, bazat pe utilizarea unor tehnici şi instrumente complexe, pentru prevenirea pierderilor de orice natură. <ref>[https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/StrategiaDeSecuritateCiberneticaARomaniei.pdf Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică]</ref>}} | {{definition|Risk management (''in ICT'') is a complex, continuous and flexible identification, evaluation and fighting of [[Cyber Security|cyber security]] [[Risk|risks]], based on the use of complex tools and techniques to prevent losses of any kind.<br/><br/>Managementul riscului: un proces complex, continuu şi flexibil de identificare, evaluare şi contracarare a riscurilor la adresa securităţii cibernetice, bazat pe utilizarea unor tehnici şi instrumente complexe, pentru prevenirea pierderilor de orice natură. <ref>[https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/StrategiaDeSecuritateCiberneticaARomaniei.pdf Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică]</ref>}} | ||
<br /> | <br /> | ||
| − | ====United Kingdom (UK)==== | + | ====[[United Kingdom|United Kingdom (UK)]]==== |
{{definition|Risk Management is all activities and structures directed towards the effective assessment and management of [[Risk|risks]] and their potential adverse [[Impact|impacts]]. <ref>[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /> | {{definition|Risk Management is all activities and structures directed towards the effective assessment and management of [[Risk|risks]] and their potential adverse [[Impact|impacts]]. <ref>[https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /> | ||
| − | ====United States==== | + | ====[[United States]]==== |
| − | =====DHS===== | + | =====[[DHS]]===== |
{{definition|Process of identifying, analyzing, and communicating [[risk]] and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}} | {{definition|Process of identifying, analyzing, and communicating [[risk]] and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}} | ||
| − | =====NIST===== | + | =====[[NIST]]===== |
{{definition|Prioritizing, evaluating, and implementing the appropriate risk-reducing [[control|controls]]/[[countermeasure|countermeasures]] recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)}} | {{definition|Prioritizing, evaluating, and implementing the appropriate risk-reducing [[control|controls]]/[[countermeasure|countermeasures]] recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)}} | ||
===Standard Definition=== | ===Standard Definition=== | ||
| − | ==== ISO/IEC 27000:2014 and ISO 31000:2009 ==== | + | ==== [[ISO|ISO/IEC 27000:2014 and ISO 31000:2009]] ==== |
<big>These standards defines risk management as</big> | <big>These standards defines risk management as</big> | ||
{{definition|Coordinated activities to direct and control an organization with regard to [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref> <br />(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}} | {{definition|Coordinated activities to direct and control an organization with regard to [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> <ref name="ISO31000-09"> [http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=43170 ISO/IEC 31000:2009, Risk management -- Principles and guidelines]</ref> <br />(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}} | ||
Revision as of 19:03, 18 July 2015
Contents
Definitions
European Definitions
EU
[CBRN] The process, distinct from Risk Assessment, of weighing policy alternatives, in consultation with all interested parties, considering risk assessment and other factors relevant for the health protection of workers and consumers, the protection of the environment and for the promotion of fair trade practices, and, if needed, selecting appropriate prevention and control options. [1]
Other International Definitions
NATO CEP / EAPC
A deliberate process of understanding risk and deciding upon and implementing actions to reduce risk to a defined level, which is an acceptable level of risk at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with an assigned level. [2]
UNISDR
The systematic approach and practice of managing uncertainty to minimize potential harm and loss. [3]
According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.
National Definitions
Australia
Risk management is the systematic application of management policies, procedures and practices to the tasks of identifying, analyzing, evaluating, treating and monitoring risk. [4]
Coordinated activities to direct and control an organization with regard to risk. [5]
Canada
Risk management is the use of policies, practices and resources to analyze, assess and control risks to health, safety, environment and the economy.
Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. [6] [7]
Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. [6] [7]
Czech Republic
Řízení rizik: Koordinované činnosti pro vedení a řízení organizace s ohledem na rizika. [8]
Risk management are coordinated activities to manage and control an organization in view of the risks. [9]
Risk management are coordinated activities to manage and control an organization in view of the risks. [9]
Finland
Riskienhallinta: järjestelmällinen toiminta, joka sisältää riskianalyysin sekä tarvittavien toimenpiteiden suunnittelun, toteutuksen, seurannan ja korjaavat toimenpiteet.
Risk management is a systematic action which includes risk analysis as well as the planning, execution and follow-up of operations needed and the corrective operations. -unofficial translation- [10]
Risk management is a systematic action which includes risk analysis as well as the planning, execution and follow-up of operations needed and the corrective operations. -unofficial translation- [10]
Germany
The totality of measures to minimise the risk situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the Risk Assessment and other factors worthy of consideration. [11]
India
Risk management (in ICT) is the total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect IT system resources. [12]
Netherlands
Risk management is the process that aims to identify and control the risk.
Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. [13]
Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. [13]
New Zealand
Risk management is the process of analysing exposure to risk, and determining how to manage that exposure. [14]
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).
Republic of Trinidad & Tobago
The systematic approach and practice of managing uncertainty to minimize potential harm and loss. [15]
Romania
Risk management (in ICT) is a complex, continuous and flexible identification, evaluation and fighting of cyber security risks, based on the use of complex tools and techniques to prevent losses of any kind.
Managementul riscului: un proces complex, continuu şi flexibil de identificare, evaluare şi contracarare a riscurilor la adresa securităţii cibernetice, bazat pe utilizarea unor tehnici şi instrumente complexe, pentru prevenirea pierderilor de orice natură. [16]
Managementul riscului: un proces complex, continuu şi flexibil de identificare, evaluare şi contracarare a riscurilor la adresa securităţii cibernetice, bazat pe utilizarea unor tehnici şi instrumente complexe, pentru prevenirea pierderilor de orice natură. [16]
United Kingdom (UK)
Risk Management is all activities and structures directed towards the effective assessment and management of risks and their potential adverse impacts. [17]
United States
DHS
Process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. [18]
NIST
Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)
Standard Definition
ISO/IEC 27000:2014 and ISO 31000:2009
These standards defines risk management as
Coordinated activities to direct and control an organization with regard to risk. [19] [20]
(based on the ISO Guide 73:2009[21])
(based on the ISO Guide 73:2009[21])
Risk management process is the systematic application of management policies, procedures and practices to the activities of
communicating, consulting, establishing the context and identifying, analysing, evaluating, treating,
monitoring and reviewing risk. [19] (based on the ISO Guide 73:2009 [21]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.
See also
- Disaster Risk
- Risk Analysis
- Risk Assessment
- Risk Identification
- Risk Transfer
- Risk Treatment
- Risk Mitigation
Notes
- ↑ European Commission's CBRN Glossary, 2012
- ↑ [NATO EAPC(SCEPC) lexicon.]
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Australia AS NZS 5050 (2010)
- ↑ [http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition)
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ Zakboekje Preventie Cybercrime (2008
- ↑ The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ 19.0 19.1 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ 21.0 21.1 ISO Guide 73:2009 Risk management -- Vocabulary
