Difference between revisions of "Risk Management"
(→Czech Republic)
(→Definitions)
Line 1: | Line 1: | ||
==Definitions== | ==Definitions== | ||
=== European Definitions === | === European Definitions === | ||
− | {{definition|[CBRN] The process, distinct from [[Risk Assessment]], of weighing policy alternatives, in consultation with all interested parties, considering risk assessment and other factors relevant for the health protection of workers and consumers, the protection of the environment and for the promotion of fair trade practices, and, if needed, selecting appropriate [[prevention]] and [[control]] options <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref> | + | {{definition|[CBRN] The process, distinct from [[Risk Assessment]], of weighing policy alternatives, in consultation with all interested parties, considering risk assessment and other factors relevant for the health protection of workers and consumers, the protection of the environment and for the promotion of fair trade practices, and, if needed, selecting appropriate [[prevention]] and [[control]] options. <ref name="CBRN">[https://cbrn.jrc.ec.europa.eu European Commission's CBRN Glossary, 2012]</ref>}} |
=== Other International Definitions === | === Other International Definitions === | ||
==== NATO CEP / EAPC ==== | ==== NATO CEP / EAPC ==== | ||
− | {{definition|A deliberate process of understanding [[risk]] and deciding upon and implementing actions to reduce risk to a defined level, which is an acceptable level of [[risk]] at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with an assigned level. <ref>[NATO EAPC(SCEPC) lexicon.]</ref> | + | {{definition|A deliberate process of understanding [[risk]] and deciding upon and implementing actions to reduce risk to a defined level, which is an acceptable level of [[risk]] at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with an assigned level. <ref>[NATO EAPC(SCEPC) lexicon.]</ref>}} |
<br /> | <br /> | ||
==== UNISDR ==== | ==== UNISDR ==== | ||
− | {{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and [[loss]].<ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref> | + | {{definition|The systematic approach and practice of managing uncertainty to minimize potential [[harm]] and [[loss]]. <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>}} |
<big>According to UNISDR, risk management comprises [[Risk Assessment|risk assessment]] and [[Risk Analysis|analysis]], and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.</big> | <big>According to UNISDR, risk management comprises [[Risk Assessment|risk assessment]] and [[Risk Analysis|analysis]], and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.</big> | ||
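Review bot: the NATO CEP / EAPC reference in this hunk, `<ref>[NATO EAPC(SCEPC) lexicon.]</ref>`, wraps plain text in single square brackets with no URL, so the brackets will render literally; either put the source URL inside the brackets or drop them. The UNISDR reference also opens with a stray space after `<ref>` that the CBRN entry does not have; while the closing `}}` is being added to each definition, make the three entries consistent.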
Line 27: | Line 27: | ||
==== Germany ==== | ==== Germany ==== | ||
− | {{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration <ref>http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.</ref> | + | {{definition|The totality of measures to minimise the [[risk]] situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the [[Risk Assessment]] and other factors worthy of consideration. <ref>http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.</ref>}} |
<br /> | <br /> | ||
==== New Zealand ==== | ==== New Zealand ==== | ||
− | {{definition|Risk management is the process of analysing exposure to [[risk]], and determining how to manage that exposure <ref name="CIMS">[http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)]</ref>}} | + | {{definition|Risk management is the process of analysing exposure to [[risk]], and determining how to manage that exposure. <ref name="CIMS">[http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)]</ref>}} |
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk). <br /> | The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk). <br /> | ||
+ | |||
+ | ====United Kingdom (UK)==== | ||
+ | {{definition|Risk Management is all activities and structures directed towards the effective assessment and management of [[risks]] and their potential adverse [[impacts]]. <ref> [https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)]</ref>}} <br /> | ||
====United States==== | ====United States==== | ||
=====DHS===== | =====DHS===== | ||
− | {{definition|Process of identifying, analyzing, and communicating [[risk]] and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref> | + | {{definition|Process of identifying, analyzing, and communicating [[risk]] and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}} |
=====NIST===== | =====NIST===== | ||
{{definition|Prioritizing, evaluating, and implementing the appropriate risk-reducing [[control|controls]]/[[countermeasure|countermeasures]] recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)}} | {{definition|Prioritizing, evaluating, and implementing the appropriate risk-reducing [[control|controls]]/[[countermeasure|countermeasures]] recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)}} | ||
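Review bot: the new United Kingdom entry ends with `}} <br />` on the same line, whereas the other national entries in this hunk put `<br />` on its own line after the template, and its reference opens with `<ref> [` (a space after the tag) in the same way as the UNISDR one; align both with the surrounding entries. The DHS definition receives its closing `}}` here, matching the NIST entry below it, which already had one.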
Line 43: | Line 46: | ||
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
<big>The standard defines risk management as</big> | <big>The standard defines risk management as</big> | ||
− | {{definition|Coordinated activities to direct and control an organization with regard to [[risk]]<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>) | + | {{definition|Coordinated activities to direct and control an organization with regard to [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}} |
<big>Risk management process is the systematic application of management policies, procedures and practices to the activities of | <big>Risk management process is the systematic application of management policies, procedures and practices to the activities of | ||
communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, | ||
− | monitoring and reviewing [[risk]]<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within | + | monitoring and reviewing [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref> (based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within |
the risk management process are termed ‘activities’.</big> | the risk management process are termed ‘activities’.</big> | ||
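Review bot: in the first definition line the text runs straight from `</ref>` into `(based on the ISO Guide 73:2009`, whereas the second definition has a space before `(based on`; add the space so both render alike. Both lines also repeat the full body of the named references `ISO27000-14` and `ISOGuide73`; MediaWiki lets a named reference be reused as `<ref name="ISO27000-14" />`, which removes the duplication.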
Revision as of 00:06, 25 May 2015
Definitions
European Definitions
Other International Definitions
NATO CEP / EAPC
UNISDR
According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.
National Definitions
Australia
Canada
Czech Republic
Coordinated activities to direct and control an organization with regard to risks.
Germany
New Zealand
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).
United Kingdom (UK)
United States
DHS
NIST
Standard Definition
ISO/IEC 27000:2014
The standard defines risk management as
Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk. [11] (based on the ISO Guide 73:2009[12]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.
See also
- Disaster Risk
- Risk Analysis
- Risk Assessment
- Risk Identification
- Risk Transfer
- Risk Treatment
- Risk Mitigation
Notes
- [1] European Commission's CBRN Glossary, 2012, https://cbrn.jrc.ec.europa.eu
- [2] NATO EAPC(SCEPC) lexicon.
- [3] 2009 UNISDR Terminology on Disaster Risk Reduction, http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf
- [4] Australian Emergency Management Glossary, Emergency Management Australia (1998)
- [5] An Emergency Management Framework for Canada (Second Edition), http://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/mrgnc-mngmnt-frmwrk/index-eng.aspx
- [6] Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- [7] Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI, http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf
- [8] The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand (2014), http://www.civildefence.govt.nz/assets/Uploads/publications/CIMS-2nd-edition.pdf
- [9] Glossary - Revision to Emergency Preparedness, Cabinet Office (2012), https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/61046/EP_Glossary_amends_18042012_0.pdf
- [10] DHS Risk Lexicon 2010 Edition, September 2010, http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf
- [11] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary, http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411
- [12] ISO Guide 73:2009 Risk management -- Vocabulary, http://www.iso.org/iso/catalogue_detail?csnumber=44651