Difference between revisions of "Risk Tolerance"
Jump to navigation
Jump to search
| Line 8: | Line 8: | ||
=== National Definitions === | === National Definitions === | ||
| + | ==== [[Canada]] ==== | ||
| + | {{definition|The willingness of an organization to accept or reject a given level of residual risk. <ref>[https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ll-hzrds-ssssmnt/index-en.aspx#annex_7 All Hazards Risk Assessment Methodology Guidelines 2012-2013, Public Safety Canada]</ref>}}Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.<br /><br/> | ||
| + | |||
==== [[Philippines]] ==== | ==== [[Philippines]] ==== | ||
{{definition|Risk Tolerance:<br/>(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;<br/>(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/> | {{definition|Risk Tolerance:<br/>(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;<br/>(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/> | ||
| Line 39: | Line 42: | ||
[[Category:Human Aspects]] | [[Category:Human Aspects]] | ||
[[Category:Risk]] | [[Category:Risk]] | ||
| − | {{#set:defined by=ITU-T|defined by=Philippines|defined by=United States|defined by=NIST|defined by=ISO}} | + | {{#set:defined by=ITU-T|defined by=Canada|defined by=Philippines|defined by=United States|defined by=NIST|defined by=ISO}} |
Revision as of 20:30, 22 January 2017
Contents
Definitions
European Definitions
Other International Definitions
ITU-T
Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]
National Definitions
Canada
The willingness of an organization to accept or reject a given level of residual risk. [2]
Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.
Philippines
Risk Tolerance:
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. [3]
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. [3]
United States
NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [4]
Standard Definition
ISO Guide 73:2009(en)
Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [5]
Academic Definitions
Note: the concept of risk tolerance is linked to the concept of Risk Perception.
See also
Notes
- ↑ ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
- ↑ All Hazards Risk Assessment Methodology Guidelines 2012-2013, Public Safety Canada
- ↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
- ↑ ISO Guide 73:2009 Risk management -- Vocabulary
- ↑ Campbell Institute (2014). Risk perception: Theories, strategies and next steps.
