Difference between revisions of "Risk Tolerance"

From CIPedia
Line 13:
 
 ===Standard Definition===
+
+====[[ISO|ISO Guide 73:2009(en)]] ====
+
+{{definition|Organization's or stakeholder's readiness to bear the [[risk]] after [[Risk Treatment|risk treatment]] in order to achieve its objectives <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>}}
+
 
 ==See also==
 
 * [[Risk]]
Line 26: Line 29:
 
 * Test reference. -->
 
 [[Category:Risk]]
-{{#set:defined by=ITU-T|defined by=United States|defined by=NIST}}
+{{#set:defined by=ITU-T|defined by=United States|defined by=NIST|defined by=ISO}}

Revision as of 16:06, 6 July 2016

Definitions

European Definitions

Other International Definitions

ITU-T

Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]

National Definitions

United States

NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [2]

Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [3]

See also

Notes

  1. ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
  2. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
  3. ISO Guide 73:2009 Risk management -- Vocabulary