Risk Management

From CIPedia
Revision as of 16:54, 25 December 2014 by Eluiijf (talk | contribs) (National Definitions)
Jump to navigation Jump to search

Definitions

European Definitions

[CBRN] The process, distinct from Risk Assessment, of weighing policy alternatives, in consultation with all interested parties, considering risk assessment and other factors relevant for the health protection of workers and consumers, the protection of the environment and for the promotion of fair trade practices, and, if needed, selecting appropriate prevention and control options [1].

Other International Definitions

NATO CEP / EAPC

A deliberate process of understanding risk and deciding upon and implementing actions to reduce risk to a defined level, which is an acceptable level of risk at an acceptable cost. This approach is characterised by identifying, measuring, and controlling risks to a level commensurate with an assigned level. [2].


UNISDR

The systematic approach and practice of managing uncertainty to minimize potential harm and loss.[3].

According to UNISDR, risk management comprises risk assessment and analysis, and the implementation of strategies and specific actions to control, reduce and transfer risks. It is widely practiced by organizations to minimise risk in investment decisions and to address operational risks such as those of business disruption, production failure, environmental damage, social impacts and damage from fire and natural hazards. Risk management is a core issue for sectors such as water supply, energy and agriculture whose production is directly affected by extremes of weather and climate.

National Definitions

Germany

The totality of measures to minimise the risk situation, weighing up the strategic alternatives (optional courses of action) in consultation with the parties concerned and according due consideration to the risk assessment and other factors worthy of consideration. [4].


USA

Process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost [5].
Prioritizing, evaluating, and implementing the appropriate risk -reducing controls/countermeasures recommended from the risk management process. (Source: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)

Standard Definition

ISO/IEC 27000:2014

The standard defines risk management as

Coordinated activities to direct and control an organization with regard to risk[6](based on the ISO Guide 73:2009[7]).

Risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context and identifying, analysing, evaluating, treating, monitoring and reviewing risk[6] (based on the ISO Guide 73:2009[7]). ISO/IEC 27005 uses the term ‘process’ to describe risk management overall. The elements within the risk management process are termed ‘activities’.

See also

Notes

  1. European Commission's CBRN Glossary, 2012
  2. [NATO EAPC(SCEPC) lexicon.]
  3. 2009 UNISDR Terminology on Disaster Risk Reduction
  4. http://www.kritis.bund.de/SharedDocs/Downloads/Kritis/EN/Baseline%20Protection%20Concept.pdf Protection of Critical Infrastructures – Baseline Protection Concept: Recommendation for Companies, BMI.
  5. DHS Risk Lexicon 2010 Edition, September 2010
  6. 6.0 6.1 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  7. 7.0 7.1 ISO Guide 73:2009 Risk management -- Vocabulary
Retrieved from "https://websites.fraunhofer.de/CIPedia/index.php?title=Risk_Management&oldid=1663"