Difference between revisions of "Risk Management"
(→See also) |
(→See also) |
||
Line 25: | Line 25: | ||
* [[Risk Analysis]] | * [[Risk Analysis]] | ||
* [[Risk Assessment]] | * [[Risk Assessment]] | ||
+ | * [[Risk Transfer]] | ||
* [[Risk Treatment]] | * [[Risk Treatment]] | ||
* [[Mitigation]] | * [[Mitigation]] |
Revision as of 16:50, 21 May 2014
Contents
Definitions
Official European Definition
Other International Definitions
UNISDR
[1].
National Definitions
USA
Process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost [2].
Standard Definition
ISO/IEC 27000:2014
The standard defines risk management as "coordinated activities to direct and control an organization with regard to risk(based on the ISO Guide 73:2009) [3]. Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk (based on the ISO Guide 73:2009)[3]. ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.