Difference between revisions of "Risk Management"
(→Switzerland) |
(→DHS) |
||
Line 126: | Line 126: | ||
====[[United States]]==== | ====[[United States]]==== | ||
=====[[DHS]]===== | =====[[DHS]]===== | ||
− | {{definition|Process of identifying, analyzing, and communicating [[risk]] and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}} | + | {{definition|Process of identifying, analyzing, and communicating [[risk]] and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>}}<br/> |
+ | |||
=====[[NIST]]===== | =====[[NIST]]===== | ||
{{definition|Prioritizing, evaluating, and implementing the appropriate risk-reducing [[control|controls]]/[[countermeasure|countermeasures]] recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)}}<br/> | {{definition|Prioritizing, evaluating, and implementing the appropriate risk-reducing [[control|controls]]/[[countermeasure|countermeasures]] recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)}}<br/> |
Revision as of 11:28, 13 September 2017
Contents
- 1 Definitions
- 1.1 European Definitions
- 1.2 Other International Definitions
- 1.3 National Definitions
- 1.3.1 Argentina
- 1.3.2 Australia
- 1.3.3 Canada
- 1.3.4 Cape Verde
- 1.3.5 Chile
- 1.3.6 Colombia
- 1.3.7 Cuba
- 1.3.8 Czech Republic
- 1.3.9 El Salvador
- 1.3.10 Finland
- 1.3.11 Germany
- 1.3.12 Guatemala
- 1.3.13 India
- 1.3.14 Ireland
- 1.3.15 Japan
- 1.3.16 Kiribati
- 1.3.17 Netherlands
- 1.3.18 New Zealand
- 1.3.19 Norway
- 1.3.20 Peru
- 1.3.21 Philippines
- 1.3.22 Portugal
- 1.3.23 Republic of Trinidad & Tobago
- 1.3.24 Romania
- 1.3.25 Serbia
- 1.3.26 Singapore
- 1.3.27 Switzerland
- 1.3.28 United Arab Emirates
- 1.3.29 United Kingdom (UK)
- 1.3.30 United States
- 1.4 Standard Definition
- 2 See also
- 3 Notes
Definitions
European Definitions
Council of Europe
EU
ENISA
Other International Definitions
CARICOM
NATO CEP / EAPC
UNISDR
According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.
National Definitions
Argentina
NOTA. La gestión de riesgos usualmente incluye la evaluación de riesgos, el tratamiento de riesgos, la aceptación de riesgos y la comunicación de riesgos.
Australia
Canada
Gestion des risques: Recours à des politiques, à des pratiques et à des ressources pour analyser, évaluer et contrôler les risques pour la santé, la sécurité, l’environnement et l’économie. [18] [19]
Cape Verde
A gestão de riscos compreende a avaliação de riscos e análise e da implementação de estratégias e acções específicas para controlar, reduzir e transferir riscos (redução de riscos). É bastante praticada por organizações para minimizar o risco nas decisões de investimento e para enfrentar os riscos operacionais, tais como de interrupção de negócios, falha de produção, danos ambientais, impactos sociais e danos causados pelo fogo e desastres naturais. A gestão de riscos é uma questão central para sectores tais como o de abastecimento de água, energia e agricultura, cuja produção é directamente afectado por eventos climáticos extremos.
Chile
Acciones integradas de reducción de riesgos a través de actividades de prevención, mitigación, preparación para, y atención de emergencias y recuperación post impacto.
Colombia
Cuba
Czech Republic
Risk management are coordinated activities to manage and control an organization in view of the risks. [26]
El Salvador
Finland
Risk management is a systematic action which includes risk analysis as well as the planning, execution and follow-up of operations needed and the corrective operations. -unofficial translation- [28]
Germany
Guatemala
India
Ireland
Japan
(Cyber) Risk management is the process of identifying, controlling, and eliminating or minimizing uncertain events that may affect system resources. [34]
Kiribati
Risk management involves doing conscious, planned activities to address climate risk.
Netherlands
Risicomanagement is het proces dat beoogt risico's te inventariseren en te beheersen. [37]
New Zealand
The level of risk is arrived at by examining the likelihood and consequences of the hazard and whether the course of action is acceptable for the outcome that needs to be achieved. (Likelihood x Consequences = Risk).
Norway
Risk management is the entire process of defining in what areas and for what adverse events risk analyses should be conducted, conducting the risk analyses, evaluating the risk results (whether the level of risk is justifiable or not) and implementing any risk-reduction measures. [40]
Peru
Philippines
Portugal
Republic of Trinidad & Tobago
Romania
Riscurile sunt uzual urmărite, în paralel cu identificarea şi analizarea unora noi, iar planurile de atenuare pentru un risc pot conduce la descoperirea altor riscuri.
Managementul riscului: un proces complex, continuu şi flexibil de identificare, evaluare şi contracarare a riscurilor la adresa securităţii cibernetice, bazat pe utilizarea unor tehnici şi instrumente complexe, pentru prevenirea pierderilor de orice natură. [48]
Serbia
Singapore
Switzerland
United Arab Emirates
United Kingdom (UK)
Risk Management is a process of identifying, understanding, managing, controlling, monitoring and communicating risk. [55]
Risk Management is putting in place plans to avoid unacceptable consequences of risks. [56]
United States
DHS
NIST
US-CERT
White House
Information sharing facilitates and supports all of these activities.
Standard Definition
IETF
ISO/IEC 27000:2014, ISO 31000:2009 and ISO 22301:2012
These standards defines risk management as
(based on the ISO Guide 73:2009 [65])
Risk management process is the systematic application of management policies, procedures and practices to the activities of
communicating, consulting, establishing the context and identifying, analysing, evaluating, treating,
monitoring and reviewing risk. [62] (based on the ISO Guide 73:2009 [65]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.
See also
- Disaster Risk
- Risk Analysis
- Risk Assessment
- Risk Identification
- Risk Transfer
- Risk Treatment
- Risk Mitigation
Notes
- ↑ GLOSSAIRE MULTILINGUE DE LA GESTION DU RISQUE pour usagers francophones (2007)/European Centre of Technological Safety (TESEC) - TESEC-EUR-OPA 2001)
- ↑ European Commission's CBRN Glossary, 2012
- ↑ ENISA Risk Glossary
- ↑ Caribbean Disaster Emergency Management Agency (CDEMA) Regional Comprehensive Disaster Management Strategy and Results Framework 2014-2024
- ↑ NATO EAPC(SCEPC) lexicon.
- ↑ 2009 UNISDR Terminology on Disaster Risk Reduction
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary
- ↑ UNISDR glossary in Bahasa
- ↑ UNISDR glossary in Malay
- ↑ UNISDR glossary in Tagalog
- ↑ Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- ↑ Australian Emergency Management Glossary, Emergency Management Australia (1998)
- ↑ Australia AS NZS 5050 (2010)
- ↑ ADAPTATION TO CLIMATE CHANGE: KEY TERMS, E. Levina and D. Terpak, OECD (2006) - derived from (Australian Greenhouse Office. 2003)
- ↑ An Emergency Management Framework for Canada (Second Edition)
- ↑ 19.0 19.1 Vocabulaire de la gestion des urgencies/Emergency Management Emergency Management Vocabulary 281 (2012) Cite error: Invalid
<ref>
tag; name "canada" defined multiple times with different content - ↑ Avaliação das Necessidades Pós- Desastre (PDNA) ERUPÇÃO VULCÂNICA NO FOGO 2014-2015, Cape Verde
- ↑ GUÍA ANÁLISIS DE RIESGOS NATURALES PARA EL ORDENAMIENTO TERRITORIAL Subsecretaría de Desarrollo Regional y Administrativo (SUBDERE) Primera Edición, Junio 2011
- ↑ Glosario Policia Colombia
- ↑ Glosario Policia Colombia
- ↑ Glossary of Cyber terms/Glosario de términos, Centro de Seguridad del Ciberespacio
- ↑ Výkladový slovník kybernetické bezpečnosti (2013)
- ↑ Act No. 181 of 23 July 2014 On Cyber Security and Change of Related Acts (Act on Cyber Security)
- ↑ Glosario de Riesgo, Ministerio de Medio Ambiente y Recursos Naturales, El Salvador
- ↑ Vocabulary of Comprehensive Security. Helsinki (TSK 47) (2014)
- ↑ Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
- ↑ Glossar BBK
- ↑ Plan Estratégico de Seguridad de la Nación 2016-2020, Guatemala
- ↑ India's DGQA Cyber Security Policy (2015)
- ↑ A FRAMEWORK FOR MAJOR EMERGENCY MANAGEMENT (APPENDICES)
- ↑ RFC2828 (Japanese translation)
- ↑ 重要インフラのサイバーセキュリティを 向上させるためのフレームワーク (2014)
- ↑ Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
- ↑ Zakboekje Preventie Cybercrime (2008
- ↑ The New Zealand Coordinated Incident Management System, Department of the Prime Minister and Cabinet, New Zealand. (2014)
- ↑ DSB, National Risikobild 2014
- ↑ DSB, National Risk Analysis 2014
- ↑ El Centro Nacional de Estimación, Prevención y Reducción del Riesgo de Desastres - CENEPRED, Glosario de Términos, Peru
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ Glossário Centro National de Cibersegurança Portugal
- ↑ Comprehensive Disaster Management Policy Framework for Trinidad and Tobago
- ↑ GLOSAR de termeni din domeniul ordinii şi siguranţei publice, MINISTERUL ADMINISTRAŢIEI ŞI INTERNELOR DIRECŢIA GENERALĂ ORGANIZARE, PLANIFICARE MISIUNI ŞI RESURSE
- ↑ Hotărârea nr. 271/2013 pentru aprobarea Strategiei de securitate cibernetică
- ↑ ЗАКОН О ИНФОРМАЦИОНОЈ БЕЗБЕДНОСТИ (Law on Information Security), Serbia
- ↑ Foresight: A Glossary, Civil Service College, Singapore
- ↑ Leitfaden Schutz kritischer Infrastrukturen 2015 pointing at ISO 31000
- ↑ Guide pour la protection des infrastructures critiques 2015/Glossaire des risques, Office fédéral de la protection de la population, 29.4.2013
- ↑ Abu Dhabi Safety and Security Planning Manual
- ↑ Glossary - Revision to Emergency Preparedness, Cabinet Office (2012)
- ↑ Cabinet Office, Section A: Introduction, Definitions and Principles of Infrastructure Resilience n.d.
- ↑ The National Adaptation Programme: Making the country resilient to a changing climate, UK Government (2013)
- ↑ DHS Risk Lexicon 2010 Edition, September 2010
- ↑ NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
- ↑ Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
- ↑ Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 11, 2017
- ↑ IETF RFC449 Internet Security Glossary 2
- ↑ 62.0 62.1 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- ↑ ISO/IEC 31000:2009, Risk management -- Principles and guidelines
- ↑ ISO 22301:2012 Societal security -- Business continuity management systems --- Requirements
- ↑ 65.0 65.1 ISO Guide 73:2009 Risk management -- Vocabulary