Difference between revisions of "Risk Tolerance"

From CIPedia
Jump to navigation Jump to search
(Kingdom of Saudi Arabia)
(See also)
 
(One intermediate revision by the same user not shown)
Line 29: Line 29:
 
Note: the concept of risk tolerance is linked to the concept of [[Risk Perception]].
 
Note: the concept of risk tolerance is linked to the concept of [[Risk Perception]].
  
 +
=== [[Dictionary]]===
 +
{{definition|Risicobereidheid: De hoeveelheid en het soort risico dat een organisatie bereid is. <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}}<br/><br/>
 +
{{#set:defined by=Dictionary}}
 
==See also==
 
==See also==
 
* [[Risk]]
 
* [[Risk]]
Line 36: Line 39:
 
* [[Risk Reduction]]
 
* [[Risk Reduction]]
 
*[[Subjective Risk]]
 
*[[Subjective Risk]]
 
  
 
==Notes==
 
==Notes==
Line 47: Line 49:
 
[[Category:Risk]]
 
[[Category:Risk]]
 
{{#set:defined by=ITU-T|defined by=Canada|defined by=Kingdom of Saudi Arabia|defined by=Philippines|defined by=United States|defined by=NIST|defined by=ISO|defined by=US-CERT}}
 
{{#set:defined by=ITU-T|defined by=Canada|defined by=Kingdom of Saudi Arabia|defined by=Philippines|defined by=United States|defined by=NIST|defined by=ISO|defined by=US-CERT}}
 +
{{#set: Showmainpage=Yes}}

Latest revision as of 23:23, 19 February 2022

Definitions

European Definitions

Other International Definitions

ITU-T

Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]


National Definitions

Canada

The willingness of an organization to accept or reject a given level of residual risk. [2]

Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.

Kingdom of Saudi Arabia

Risk tolerance: The acceptable variation relative to performance to the achievement of objectives. [3]



Philippines

Risk Tolerance:
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. [4]



United States

NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [5]


US-CERT
Risk Tolerance: Thresholds that reflect the organization’s level of risk aversion by providing levels of acceptable risk in each operational risk category that the organization has established. [6]


Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [7]

Academic Definitions

Risk Tolerance refers to a person’s capacity to accept a certain amount of risk. [8].

Note: the concept of risk tolerance is linked to the concept of Risk Perception.

Dictionary

Risicobereidheid: De hoeveelheid en het soort risico dat een organisatie bereid is. [9]



See also

Notes