Difference between revisions of "Risk Tolerance"

From CIPedia
Line 15: Line 15:
 
====[[ISO|ISO Guide 73:2009(en)]] ====
 
====[[ISO|ISO Guide 73:2009(en)]] ====
 
{{definition|Organization's or stakeholder's readiness to bear the [[risk]] after [[Risk Treatment|risk treatment]] in order to achieve its objectives <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>}}
 
{{definition|Organization's or stakeholder's readiness to bear the [[risk]] after [[Risk Treatment|risk treatment]] in order to achieve its objectives <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>}}
 +
 +
===Academic Definitions===
 +
{{Definition|Risk Tolerance refers to a person’s capacity to accept a certain amount of [[risk]]. <ref name="Campbell">[http://www.nsc.org/CambpellInstituteandAwardDocuments/WP-Risk%20Preception.pdf Campbell Institute (2014). Risk perception: Theories, strategies and next steps. ]</ref>. }}
 +
Note: the concept of risk tolerance is linked to the concept of [[Risk Perception]].
  
 
==See also==
 
==See also==
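Review bot: the added academic definition line carries a stray full stop after the closing `</ref>` (`<ref name="Campbell">…</ref>. }}`), which renders as "risk. [4]." with a doubled period; drop the period after `</ref>` so the sentence ends once, as the ITU-T and NIST entries do. The reference text itself also ends with a trailing space before `]`, which is harmless but worth trimming while the line is being touched.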
Line 20: Line 24:
 
* [[Risk Transfer]]
 
* [[Risk Transfer]]
 
* [[Risk Mitigation]]
 
* [[Risk Mitigation]]
 +
* [[Risk Perception]]
 
* [[Risk Reduction]]
 
* [[Risk Reduction]]
 +
*[[Subjective Risk]]
 +
  
 
==Notes==
 
==Notes==
Line 28: Line 35:
 
==References==
 
==References==
 
* Test reference. -->
 
* Test reference. -->
 +
[[Category:Human Aspects]]
 
[[Category:Risk]]
 
[[Category:Risk]]
 
{{#set:defined by=ITU-T|defined by=United States|defined by=NIST|defined by=ISO}}
 
{{#set:defined by=ITU-T|defined by=United States|defined by=NIST|defined by=ISO}}
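Review bot: the `{{#set:defined by=ITU-T|defined by=United States|defined by=NIST|defined by=ISO}}` property list is left unchanged although this revision adds a fourth defining source (Campbell Institute, under Academic Definitions); if the property is meant to enumerate every source that defines the term, add the new one, otherwise note in the wikitext that academic sources are deliberately excluded so the omission is not read as an oversight.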

Revision as of 13:27, 24 November 2016

Definitions

European Definitions

Other International Definitions

ITU-T

Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]


National Definitions

United States

NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [2]


Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [3]

Academic Definitions

Risk Tolerance refers to a person’s capacity to accept a certain amount of risk. [4]

Note: the concept of risk tolerance is linked to the concept of Risk Perception.

See also


Notes

  1. ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
  2. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
  3. ISO Guide 73:2009 Risk management -- Vocabulary
  4. Campbell Institute (2014). Risk perception: Theories, strategies and next steps.