Difference between revisions of "Risk Management"
(→Germany) |
(→New Zealand) |
||
(19 intermediate revisions by the same user not shown) | |||
Line 28: | Line 28: | ||
{{definition|Manajemen risiko: Pendekatan dan praktik sistematis dalam mengelola ketidakpastian untuk meminimalkan potensi kerusakan dan kerugian. <ref>[http://www.preventionweb.net/files/7817_isdrindonesia.pdf UNISDR glossary in Bahasa]</ref>}}<br/> | {{definition|Manajemen risiko: Pendekatan dan praktik sistematis dalam mengelola ketidakpastian untuk meminimalkan potensi kerusakan dan kerugian. <ref>[http://www.preventionweb.net/files/7817_isdrindonesia.pdf UNISDR glossary in Bahasa]</ref>}}<br/> | ||
{{definition|Pengurusan Risiko: Pendekatan dan pelaksanaan sistematik dalam menguruskan ketidakpastian bagi meminimumkan kerosakan dan kerugian. <ref>[http://www.preventionweb.net/files/7817_isdrmalaysiaterminology.pdf UNISDR glossary in Malay]</ref>}}<br/> | {{definition|Pengurusan Risiko: Pendekatan dan pelaksanaan sistematik dalam menguruskan ketidakpastian bagi meminimumkan kerosakan dan kerugian. <ref>[http://www.preventionweb.net/files/7817_isdrmalaysiaterminology.pdf UNISDR glossary in Malay]</ref>}}<br/> | ||
− | {{definition|Pamamahala sa Peligro: Ang sistematkong pamamaraan at praktika ng pamamahala ng kawalang-katiyakan para mabawasan ang posibilidad ng pinsala at kawalan. <ref>[http://www.preventionweb.net/files/7817_isdrphillipinesterminology.pdf UNISDR glossary in Tagalog]</ref>}}<br/><br/> | + | {{definition|Pamamahala sa Peligro: Ang sistematkong pamamaraan at praktika ng pamamahala ng kawalang-katiyakan para mabawasan ang posibilidad ng pinsala at kawalan. <ref>[http://www.preventionweb.net/files/7817_isdrphillipinesterminology.pdf UNISDR glossary in Tagalog]</ref>}}<br/> |
+ | {{definition|<ref>[https://www.preventionweb.net/files/7817_unisdr2009terminologypersianedition.pdf Internationally agreed glossary of basic terms related to Disaster Management in Farsi]</ref>مديريت خطرپذيري<br/>رويكردي نظامند و به كاربستن مديريت عدم قطعيت براي به حداقل رساندن بالقوه آسيب و زيان }}<br/><br/> | ||
=== National Definitions === | === National Definitions === | ||
Line 44: | Line 45: | ||
{{definition| Risk management is the use of policies, practices and resources to analyze, assess and control risks to health, safety, environment and the economy.<br /><br />Gestion des risques: Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. <ref>[http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition) ]</ref> <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} | {{definition| Risk management is the use of policies, practices and resources to analyze, assess and control risks to health, safety, environment and the economy.<br /><br />Gestion des risques: Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. <ref>[http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx An Emergency Management Framework for Canada (Second Edition) ]</ref> <ref name="canada">[http://publications.gc.ca/collections/collection_2012/tpsgc-pwgsc/S52-2-281-2012.pdf Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)]</ref>}} | ||
<br /> | <br /> | ||
− | {{definition|Gestion des risques: Mesures prises pour garantir ou améliorer la sécurité d’une installation et de son fonctionnement (OCDE, 1992). <ref name=" | + | {{definition|Gestion des risques: Mesures prises pour garantir ou améliorer la sécurité d’une installation et de son fonctionnement (OCDE, 1992). <ref name="canada_fr">[http://www.mddelcc.gouv.qc.ca/evaluations/documents/guide-risque-techno.pdf Guide Analyse de risques d'accidents technologiques majeurs (2002)]</ref>}}<br /><br/> |
====[[Capo Verde|Cape Verde]]==== | ====[[Capo Verde|Cape Verde]]==== | ||
Line 58: | Line 59: | ||
==== [[Czech Republic]] ==== | ==== [[Czech Republic]] ==== | ||
− | {{definition|Řízení rizik: Koordinované činnosti pro vedení a řízení organizace s ohledem na rizika. <ref> [http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Risk management are coordinated activities to manage and control an organization in view of the risks. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} | + | {{definition|Řízení rizik: Koordinované činnosti pro vedení a řízení organizace s ohledem na rizika. <ref> [http://www.govcert.cz/download/nodeid-561 Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/>Risk management are coordinated activities to manage and control an organization in view of the [[Risk|risks]]. <ref>[http://www.govcert.cz/download/nodeid-1143/ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)]</ref>}} |
<br /><br/> | <br /><br/> | ||
+ | |||
==== [[El Salvador]] ==== | ==== [[El Salvador]] ==== | ||
{{definition|Gestión de riesgos: Proceso social complejo que conduce al planeamiento y aplicación de políticas, estrategias, instrumentos y medidas orientadas a impedir, reducir, prever y controlar los efectos adversos de fenómenos peligrosos sobre la población, los bienes y servicios y el ambiente. Acciones integradas de reducción de riesgos a través de actividades de prevención, mitigación, preparación para, y atención de emergencias y recuperación post impacto.<ref>[http://www.marn.gob.sv/glosario-de-riesgo/ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador]</ref>}}<br/><br/> | {{definition|Gestión de riesgos: Proceso social complejo que conduce al planeamiento y aplicación de políticas, estrategias, instrumentos y medidas orientadas a impedir, reducir, prever y controlar los efectos adversos de fenómenos peligrosos sobre la población, los bienes y servicios y el ambiente. Acciones integradas de reducción de riesgos a través de actividades de prevención, mitigación, preparación para, y atención de emergencias y recuperación post impacto.<ref>[http://www.marn.gob.sv/glosario-de-riesgo/ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador]</ref>}}<br/><br/> | ||
Line 65: | Line 67: | ||
====[[Finland]]==== | ====[[Finland]]==== | ||
{{definition|Riskienhallinta: järjestelmällinen toiminta, joka sisältää riskianalyysin sekä tarvittavien toimenpiteiden suunnittelun, toteutuksen, seurannan ja korjaavat toimenpiteet.<br/><br/>Risk management is a systematic action which includes [[Risk Analysis|risk analysis]] as well as the planning, execution and follow-up of operations needed and the corrective operations. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /><br/> | {{definition|Riskienhallinta: järjestelmällinen toiminta, joka sisältää riskianalyysin sekä tarvittavien toimenpiteiden suunnittelun, toteutuksen, seurannan ja korjaavat toimenpiteet.<br/><br/>Risk management is a systematic action which includes [[Risk Analysis|risk analysis]] as well as the planning, execution and follow-up of operations needed and the corrective operations. -''unofficial translation''- <ref name=TSK>[http://www.spek.fi/loader.aspx?id=1c66e01d-a75e-4a9a-80ec-9816340ce752 Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)]</ref>}}<br /><br/> | ||
+ | ==== [[Gambia]] ==== | ||
+ | {{definition|Risk management: Set of coordinated activities to direct and control an organization with regard to [[risk]]. <ref>[http://www.moici.gov.gm/sites/default/files/2019-09/20160726%20Gambia%20Strategy%20-%20Cybersecurity%20Strategy_final_with_Gambia_cover_page.pdf THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)]</ref>}}<br /><br/> | ||
==== [[Germany]] ==== | ==== [[Germany]] ==== | ||
{{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>[http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.]</ref>}} | {{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>[http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.]</ref>}} | ||
<br /> | <br /> | ||
− | {{definition|Risikomanagement: Kontinuierlich ablaufendes, systematisches Verfahren zum zielgerichteten Umgang mit [[Risk|Risiken]], das die Analyse und Bewertung von Risiken sowie die Planung und Umsetzung von Maßnahmen, insbesondere zur Risikovermeidung, -minimierung und -akzeptanz, beinhaltet. <ref>[http://www.bbk.bund.de/SharedDocs/Downloads/BBK/DE/Publikationen/Praxis_Bevoelkerungsschutz/Band_8_Praxis_BS_BBK_Glossar.pdf Glossar BBK]</ref>}}<br /> | + | {{definition|Risikomanagement: Kontinuierlich ablaufendes, systematisches Verfahren zum zielgerichteten Umgang mit [[Risk|Risiken]], das die Analyse und Bewertung von Risiken sowie die Planung und Umsetzung von Maßnahmen, insbesondere zur Risikovermeidung, -minimierung und -akzeptanz, beinhaltet. <ref>[http://www.bbk.bund.de/SharedDocs/Downloads/BBK/DE/Publikationen/Praxis_Bevoelkerungsschutz/Band_8_Praxis_BS_BBK_Glossar.pdf Glossar BBK]</ref>}}<br/> |
====[[Germany]]==== | ====[[Germany]]==== | ||
{{definition|Risikomanagement: alle Aktivitäten mit Bezug auf die strategische und operative Behandlung von Risiken bezeichnet, also alle Tätigkeiten, um Risiken für eine Institution zu identifizieren, zu steuern und zu kontrollieren. <ref>[https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Empfehlungen/cyberglossar/Functions/glossar.html?cms_lv2=9817306 BSI Glossary]</ref>}} <br /><br/> | {{definition|Risikomanagement: alle Aktivitäten mit Bezug auf die strategische und operative Behandlung von Risiken bezeichnet, also alle Tätigkeiten, um Risiken für eine Institution zu identifizieren, zu steuern und zu kontrollieren. <ref>[https://www.bsi.bund.de/DE/Themen/Cyber-Sicherheit/Empfehlungen/cyberglossar/Functions/glossar.html?cms_lv2=9817306 BSI Glossary]</ref>}} <br /><br/> | ||
Line 77: | Line 81: | ||
====[[India]]==== | ====[[India]]==== | ||
− | {{definition|Risk management ''(in ICT)'' is the total process of identifying, controlling, and eliminating or minimizing uncertain [[event|events]] that may affect IT system resources. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /><br/> | + | {{definition|Risk management ''(in ICT)'' is the total process of identifying, controlling, and eliminating or minimizing uncertain [[event|events]] that may affect IT system resources. <ref>[http://www.dgqadefence.gov.in/documents/pdf/cyber-security-policy-dgqa-2015.pdf India's DGQA Cyber Security Policy (2015)] </ref>}} <br /> |
+ | {{definition|Risk Management: The systematic approach and practice of managing uncertainty to minimize potential harm and loss. <ref>[https://ndma.gov.in/images/policyplan/dmplan/National%20Disaster%20Management%20Plan%20May%202016.pdf National Disaster Management Plan (NDMP)- (2016)]</ref>}}<br/><br/> | ||
==== [[Ireland]] ==== | ==== [[Ireland]] ==== | ||
Line 88: | Line 93: | ||
==== [[Kiribati]] ==== | ==== [[Kiribati]] ==== | ||
{{definition|Babaire aika a kakatauraoaki imwain kanganga aika a kona na riki ni irekereke ma bibitakin kanoan te bong. <ref>[http://www.president.gov.ki/wp-content/uploads/2014/08/KAPII-Bi-Lingual-Glossary-CLIMATE-CHANGE-TERMS.pdf Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008]</ref><br/><br/>Risk management involves doing conscious, planned activities to address climate risk. }}<br/><br/> | {{definition|Babaire aika a kakatauraoaki imwain kanganga aika a kona na riki ni irekereke ma bibitakin kanoan te bong. <ref>[http://www.president.gov.ki/wp-content/uploads/2014/08/KAPII-Bi-Lingual-Glossary-CLIMATE-CHANGE-TERMS.pdf Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008]</ref><br/><br/>Risk management involves doing conscious, planned activities to address climate risk. }}<br/><br/> | ||
+ | ====[[Kuwait]]==== | ||
+ | {{definition|دارة املخاطر:هي عملية م�صتمرة لتحديد املخاطر املحتملة وحتليلها وتقييم مدى تأثريها وإبقائها عند م�صتوى مقبول، وهي عملية متكن امل ؤ�ص�صات من حتديد ال�صيا�صات وال�صوابط الأكرث تكيفا مع حماية أ�صول امل ؤ�ص�صة. <ref>[https://citra.gov.kw/sites/ar/LegalReferences/Cyber%20Security.pdf الاستراتيجية الوطنية للأمن السيبراني لدولة الكويت (2017-2020)]</ref><br/><br/>Risk management: it is a continuous process of identifying potential risks, analysis and evaluation of their impact and maintained the risk at an acceptable level. Risk management enables organizations to define policies and controls which are the most likely to protect the assets. <ref>[https://citra.gov.kw/sites/en/LegalReferences/English%20Cyber%20Security%20Strategy.pdf National Cyber Security Strategy 2017-2020]</ref>}} | ||
+ | <br /><br/> | ||
+ | |||
+ | ==== [[Liberia]] ==== | ||
+ | {{definition|Risk Management: Identifying vulnerabilities in a network and developing a strategy to protect against attack. <ref>[http://www.lta.gov.lr/doc/ICT%20_%20Telecom%20Policy%20Main%20Body.pdf Government of Liberia’s Policy for the Telecommunications and Information Communications Technology (ICT) sectors]</ref>}}<br /><br /> | ||
==== [[Luxembourg]] ==== | ==== [[Luxembourg]] ==== | ||
{{definition|Gestion des risques: Activités coordonnées dans le but de diriger et piloter une organisation en prenant en compte les risques. <ref>[https://cybersecurite.public.lu/fr/glossaire.html Glossaire]</ref>}}<br/><br/> | {{definition|Gestion des risques: Activités coordonnées dans le but de diriger et piloter une organisation en prenant en compte les risques. <ref>[https://cybersecurite.public.lu/fr/glossaire.html Glossaire]</ref>}}<br/><br/> | ||
==== [[Netherlands]]==== | ==== [[Netherlands]]==== | ||
− | {{definition|Risk management is the process that aims to identify and control the [[risk]].<br/><br/>Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}} | + | {{definition|Risicomanagement: inzichtelijk en systematisch inventariseren, beoordelen en – door het treffen van maatregelen – beheersbaar maken van [[risk|risico’s]] en kansen, die het bereiken van de doelstellingen van de organisatie bedreigen dan wel bevorderen, op een zodanige wijze dat verantwoording kan worden afgelegd over de gemaakte keuzes. <ref>[https://wetten.overheid.nl/BWBR0033512 Beveiligingsvoorschrift Rijksdienst 2013]</ref>}}<br/> |
+ | |||
+ | {{definition|Risk management is the process that aims to identify and control the [[risk]].<br/><br/>Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. <ref>[http://www.pblq.nl/media/63123/HEC%20Zakboekje%20preventie%20cybercrime.pdf Zakboekje Preventie Cybercrime (2008]</ref>}}<br/> | ||
− | ==== [[New Zealand]] ==== | + | {{definition|[HEALTH sector]<br/>Risico management/manipulatie: Het proces van afweging van beleidsalternatieven om geschatte risico’s te accepteren, minimaliseren of reduceren en de geschikte mogelijkheden te selecteren en uitvoeren. <br/><br/>Risk management: The process of weighing policy alternatives to accept, minimize or reduce assessed [[Risk|risks]] and to select and implement appropriate options. <ref>[https://www.medischcontact.nl/web/file?uuid=56770c4f-4440-4b02-b568-177eb7b1ab9f&owner=1e836119-cfd1-4e33-a731-da3efbb2a701&contentid=23865 Patiëntveiligheid Definitielijst (2005)]</ref>}}<br/><br/> |
+ | |||
+ | ==== [[New Zealand]]/[[AOTEAROA]] ==== | ||
{{definition|Risk management is the process of analysing exposure to [[risk]], and determining how to manage that exposure. <ref name="CIMS">[http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)]</ref>}} | {{definition|Risk management is the process of analysing exposure to [[risk]], and determining how to manage that exposure. <ref name="CIMS">[http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)]</ref>}} | ||
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).<br /><br/> | The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).<br /><br/> | ||
Line 106: | Line 121: | ||
{{definition|Risk Management: The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> | {{definition|Risk Management: The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> | ||
{{definition|Risk Management: The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: 1. the conduct of a risk assessment; 2. the implementation of a risk mitigation strategy; and 3. Employment of techniques and procedures for the continuous monitoring of the security state of the information system. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> | {{definition|Risk Management: The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: 1. the conduct of a risk assessment; 2. the implementation of a risk mitigation strategy; and 3. Employment of techniques and procedures for the continuous monitoring of the security state of the information system. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> | ||
− | {{definition|Risk Management is the process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/> | + | {{definition|Risk Management is the process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/> |
+ | {{definition|Risk Management: The identification, analysis, assessment, control, and avoidance, minimisation, or elimination of unacceptable risks. <ref>[https://digital.nhs.uk/services/data-and-cyber-security-protecting-information-and-data-in-health-and-care/cyber-and-data-security-policy-and-good-practice-in-health-and-care/cyber-and-data-security-resources/cyber-security-glossary NHS Cyber security glossary]</ref>}}<br/><br/> | ||
+ | |||
+ | ==== [[Poland]] ==== | ||
+ | {{definition|Zarządzanie ryzykiem – skoordynowane działania w zakresie zarządzania [[Cyber Security|cyberbezpieczeństwem]] w odniesieniu do oszacowanego [[Risk|ryzyka]]. <ref name=Poland>[http://bip.kprm.gov.pl/download/75/30991/RM-10-64-18.pdf U S TAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)]</ref>}}<br /> | ||
+ | |||
====[[Portugal]] ==== | ====[[Portugal]] ==== | ||
{{definition|[Definição]Tratamento do Risco: Atenuação, eliminação, redução (mediante uma combinação adequada de medidas técnicas, materiais, organizativas e processuais), transferência ou monitorização do risco. <ref>[https://www.cncs.gov.pt/recursos/glossario/ Glossário Centro National de Cibersegurança Portugal]</ref>}}<br /><br/> | {{definition|[Definição]Tratamento do Risco: Atenuação, eliminação, redução (mediante uma combinação adequada de medidas técnicas, materiais, organizativas e processuais), transferência ou monitorização do risco. <ref>[https://www.cncs.gov.pt/recursos/glossario/ Glossário Centro National de Cibersegurança Portugal]</ref>}}<br /><br/> | ||
Line 153: | Line 173: | ||
communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | ||
monitoring and reviewing [[risk]]. <ref name="ISO27000-14">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> (based on the ISO Guide 73:2009 <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.<br /><br/> | monitoring and reviewing [[risk]]. <ref name="ISO27000-14">[http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> (based on the ISO Guide 73:2009 <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.<br /><br/> | ||
+ | |||
+ | === [[Dictionary]]=== | ||
+ | {{definition|Risicomanagement: Een continu proces waarbij bedrijfsrisico's voortdurend worden bewaakt. Onderdelen van dit proces zijn bijvoorbeeld het identifi�ceren, evalueren, prioriteren van risico’s en het nemen van maatregelen (accepteren, mitigeren, overdragen of vermijden). <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}}<br/><br/> | ||
+ | {{#set:defined by=Dictionary}} | ||
==See also== | ==See also== | ||
Line 164: | Line 188: | ||
==Notes== | ==Notes== | ||
+ | |||
+ | ==References== | ||
<references /> | <references /> | ||
− | |||
− | |||
− | |||
[[Category:Risk]] | [[Category:Risk]] | ||
− | {{#set:defined by=Council of Europe|defined by=EU|defined by=ENISA|defined by=NATO|defined by=UNISDR|defined by=Argentina|defined by=Australia|defined by=Canada|defined by=Cape Verde|defined by=Chile|defined by=Colombia|defined by=Cuba|defined by=Czech Republic|defined by=El Salvador|defined by=Finland|defined by=Germany|defined by=Guatemala|defined by=India|defined by=Ireland|defined by=Japan|defined by=Kiribati|defined by=Luxembourg|defined by=Netherlands|defined by=New Zealand|defined by=Norway|defined by=Peru|defined by=Philippines|defined by=Portugal|defined by=Republic of Trinidad & Tobago|defined by=Romania|defined by=Serbia|defined by=Singapore|defined by=Spain|defined by=Switzerland|defined by=United Arab Emirates|defined by=United Kingdom|defined by=United States|defined by=ISO|defined by=NIST|defined by=White House|defined by=IETF|defined by=Caricom|defined by=US-CERT}} | + | {{#set:defined by=Council of Europe|defined by=EU|defined by=ENISA|defined by=NATO|defined by=UNISDR|defined by=Argentina|defined by=Australia|defined by=Canada|defined by=Cape Verde|defined by=Chile|defined by=Colombia|defined by=Cuba|defined by=Czech Republic|defined by=El Salvador|defined by=Finland|defined by=Gambia|defined by=Germany|defined by=Guatemala|defined by=India|defined by=Ireland|defined by=Japan|defined by=Kiribati|defined by=Kuwait|defined by=Liberia|defined by=Luxembourg|defined by=Netherlands|defined by=New Zealand|defined by=Norway|defined by=Peru|defined by=Philippines|defined by=Poland|defined by=Portugal|defined by=Republic of Trinidad & Tobago|defined by=Romania|defined by=Serbia|defined by=Singapore|defined by=Spain|defined by=Switzerland|defined by=United Arab Emirates|defined by=United Kingdom|defined by=United States|defined by=ISO|defined by=NIST|defined by=White House|defined by=IETF|defined by=Caricom|defined by=US-CERT}} |
+ | {{#set: Showmainpage=Yes}} |
Latest revision as of 11:25, 1 April 2024
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 Other International Definitions
- 1.3 National Definitions
- 1.3.1 Argentina
- 1.3.2 Australia
- 1.3.3 Canada
- 1.3.4 Cape Verde
- 1.3.5 Chile
- 1.3.6 Colombia
- 1.3.7 Cuba
- 1.3.8 Czech Republic
- 1.3.9 El Salvador
- 1.3.10 Finland
- 1.3.11 Gambia
- 1.3.12 Germany
- 1.3.13 Germany
- 1.3.14 Guatemala
- 1.3.15 India
- 1.3.16 Ireland
- 1.3.17 Japan
- 1.3.18 Kiribati
- 1.3.19 Kuwait
- 1.3.20 Liberia
- 1.3.21 Luxembourg
- 1.3.22 Netherlands
- 1.3.23 New Zealand/AOTEAROA
- 1.3.24 Norway
- 1.3.25 Peru
- 1.3.26 Philippines
- 1.3.27 Poland
- 1.3.28 Portugal
- 1.3.29 Republic of Trinidad & Tobago
- 1.3.30 Romania
- 1.3.31 Serbia
- 1.3.32 Singapore
- 1.3.33 Spain
- 1.3.34 Switzerland
- 1.3.35 United Arab Emirates
- 1.3.36 United Kingdom (UK)
- 1.3.37 United States
- 1.4 Standard Definition
- 1.5 Dictionary
- 2 See also
- 3 Notes
- 4 References
Definitions
European Definitions
Council of Europe
EU
ENISA
Other International Definitions
CARICOM
NATO CEP / EAPC
UNISDR
According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.
رويكردي نظامند و به كاربستن مديريت عدم قطعيت براي به حداقل رساندن بالقوه آسيب و زيان
National Definitions
Argentina
NOTA. La gestión de riesgos usualmente incluye la evaluación de riesgos, el tratamiento de riesgos, la aceptación de riesgos y la comunicación de riesgos.
Australia
Canada
Gestion des risques: Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. [19] [20]
Cape Verde
A gestão de riscos compreende a avaliação de riscos e análise e da implementação de estratégias e acções específicas para controlar, reduzir e transferir riscos (redução de riscos). É bastante praticada por organizações para minimizar o risco nas decisões de investimento e para enfrentar os riscos operacionais, tais como de interrupção de negócios, falha de produção, danos ambientais, impactos sociais e danos causados pelo fogo e desastres naturais. A gestão de riscos é uma questão central para sectores tais como o de abastecimento de água, energia e agricultura, cuja produção é directamente afectado por eventos climáticos extremos.
Chile
Acciones integradas de reducción de riesgos a través de actividades de prevención, mitigación, preparación para, y atención de emergencias y recuperación post impacto.
Colombia
Cuba
Czech Republic
Risk management are coordinated activities to manage and control an organization in view of the risks. [28]
El Salvador
Finland
Risk management is a systematic action which includes risk analysis as well as the planning, execution and follow-up of operations needed and the corrective operations. -unofficial translation- [30]
Gambia
Germany
Germany
Guatemala
India
Ireland
Japan
(Cyber) Risk management is the process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. [39]
Kiribati
Risk management involves doing conscious, planned activities to address climate risk.
Kuwait
Risk management: it is a continuous process of identifying potential risks, analysis and evaluation of their impact and maintained the risk at an acceptable level. Risk management enables organizations to define policies and controls which are the most likely to protect the assets. [43]
Liberia
Luxembourg
Netherlands
Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. [47]
Risico management/manipulatie: Het proces van afweging van beleidsalternatieven om geschatte risico’s te accepteren, minimaliseren of reduceren en de geschikte mogelijkheden te selecteren en uitvoeren.
Risk management: The process of weighing policy alternatives to accept, minimize or reduce assessed risks and to select and implement appropriate options. [48]
New Zealand/AOTEAROA
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).
Norway
Risk management is the entire process of defining in what areas and for what adverse events risk analyses should be conducted, conducting the risk analyses, evaluating the risk results (whether the level of risk is justifiable or not) and implementing any risk-reduction measures. [51]
Peru
Philippines
Poland
Portugal
Republic of Trinidad & Tobago
Romania
Riscurile sunt uzual urmărite, în paralel cu identificarea şi analizarea unora noi, iar planurile de atenuare pentru un risc pot conduce la descoperirea altor riscuri.
Managementul riscului: un proces complex, continuu şi flexibil de identificare, evaluare şi contracarare a riscurilor la adresa securităţii cibernetice, bazat pe utilizarea unor tehnici şi instrumente complexe, pentru prevenirea pierderilor de orice natură. [61]
Serbia
Singapore
Spain
Switzerland
United Arab Emirates
United Kingdom (UK)
Risk Management is a process of identifying, understanding, managing, controlling, monitoring and communicating risk. [70]
Risk Management is putting in place plans to avoid unacceptable consequences of risks. [71]
United States
DHS
NIST
US-CERT
White House
Information sharing facilitates and supports all of these activities.
Standard Definition
IETF
ISO/IEC 27000:2014, ISO 31000:2009 and ISO 22301:2012
These standards defines risk management as:
Definition is based on the ISO Guide 73:2009. [80]
Risk management process is the systematic application of management policies, procedures and practices to the activities of
communicating, consulting, establishing the context and identifying, analysing, evaluating, treating,
monitoring and reviewing risk. [77] (based on the ISO Guide 73:2009 [80]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.
Dictionary
See also
- Disaster Risk
- Risk Analysis
- Risk Assessment
- Risk Identification
- Risk Transfer
- Risk Treatment
- Risk Mitigation
Notes
References
- ↑ GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001)
- ↑ European Commission's CBRN Glossary, 2012
- ↑ ENISA Risk Glossary
- ↑ Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
- ↑ NATO EAPC(SCEPC) lexicon.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary in Bahasa
- ↑ UNISDR glossary in Malay
- ↑ UNISDR glossary in Tagalog
- ↑ Internationally agreed glossary of basic terms related to Disaster Management in Farsi
- ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Australia AS NZS 5050 (2010)
- ↑ ADAPTATION TO CLIMATE CHANGE: KEY TERMS, E. Levina and D. Terpak, OECD (2006) - derived from (Australian Greenhouse Office. 2003)
- ↑ An Emergency Management Framework for Canada (Second Edition)
- ↑ Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012)
- ↑ Guide Analyse de risques d'accidents technologiques majeurs (2002)
- ↑ Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
- ↑ GUÍA ANÁLISIS DE RIESGOS NATURALES PARA EL ORDENAMIENTO TERRITORIAL Subsecretaría de Desarrollo Regional y Administrativo (SUBDERE) Primera Edición, Junio 2011
- ↑ Glosario Policia Colombia
- ↑ Glosario Policia Colombia
- ↑ Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del Ciberespacio
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ THE GAMBIA NATIONAL CYBERSECURITY STRATEGY (2019)
- ↑ Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
- ↑ Glossar BBK
- ↑ BSI Glossary
- ↑ Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ National Disaster Management Plan (NDMP)- (2016)
- ↑ A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
- ↑ RFC2828 (Japanese translation)
- ↑ 重要インフラのサイバーセキュリティを 向上させるためのフレームワーク (2014)
- ↑ Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
- ↑ الاستراتيجية الوطنية للأمن السيبراني لدولة الكويت (2017-2020)
- ↑ National Cyber Security Strategy 2017-2020
- ↑ Government of Liberia’s Policy for the Telecommunications and Information Communications Technology (ICT) sectors
- ↑ Glossaire
- ↑ Beveiligingsvoorschrift Rijksdienst 2013
- ↑ Zakboekje Preventie Cybercrime (2008
- ↑ Patiëntveiligheid Definitielijst (2005)
- ↑ The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)
- ↑ DSB, National Risikobild 2014
- ↑ DSB, National Risk Analysis 2014
- ↑ El Centro Nacional de Estimación, Prevención y Reducción del Riesgo de Desastres - CENEPRED, Glosario de Términos, Peru
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ NHS Cyber security glossary
- ↑ U S TAWA z dnia o krajowym systemie cyberbezpieczeństwa / Polish (draft) law on the national cybersecurity system (2018)
- ↑ Glossário Centro National de Cibersegurança Portugal
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
- ↑ Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică
- ↑ ЗАКОН О ИНФОРМАЦИОНОЈ БЕЗБЕДНОСТИ (Law on Information Security), Serbia
- ↑ Foresight: A Glossary, Civil Service College, Singapore
- ↑ CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)
- ↑ CIBERSEGURIDAD. RETOS Y AMENAZAS A LA SEGURIDAD NACIONAL EN EL CIBERESPACIO, MINISTERIO DE DEFENSA (2010)
- ↑ Leitfaden Schutz kritischer Infrastrukturen 2015 pointing at ISO 31000
- ↑ Guide pour la protection des infrastructures critiques 2015/Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
- ↑ Abu Dhabi Safety and Security Planning Manual
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ Cabinet Office, Section A: Introduction, Definitions and Principles of Infrastructure Resilience n.d.
- ↑ The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- ↑ Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
- ↑ Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 11, 2017
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ 77.0 77.1 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ ISO 22301:2012 Societal security -- Business continuity management systems --- Requirements
- ↑ 80.0 80.1 ISO Guide 73:2009 Risk management -- Vocabulary
- ↑ Cybersecurity Woordenboek 2021