Difference between revisions of "Risk Tolerance"

From CIPedia
Jump to navigation Jump to search
(Kingdom of Saudi Arabia)
Line 11: Line 11:
 
{{definition|The willingness of an organization to accept or reject a given level of residual risk.  <ref>[https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ll-hzrds-ssssmnt/index-en.aspx#annex_7 All Hazards Risk Assessment Methodology Guidelines 2012-2013, Public Safety Canada]</ref>}}Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.<br /><br/>
 
{{definition|The willingness of an organization to accept or reject a given level of residual risk.  <ref>[https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ll-hzrds-ssssmnt/index-en.aspx#annex_7 All Hazards Risk Assessment Methodology Guidelines 2012-2013, Public Safety Canada]</ref>}}Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.<br /><br/>
 
====[[Kingdom of Saudi Arabia]]====
 
====[[Kingdom of Saudi Arabia]]====
{{definition|Risk tolerance:  
+
{{definition|Risk tolerance: The acceptable variation relative to performance to the achievement of objectives. <ref>[http://www.sama.gov.sa/en-US/Laws/BankingRules/SAMA%20Cyber%20Security%20Framework.pdf Cyber Security Framework Saudi Arabian Monetary Authority Version 1.0 May 2017 ]</ref>}}<br/><br/>
The acceptable variation relative to performance to the achievement of objectives. <ref>[http://www.sama.gov.sa/en-US/Laws/BankingRules/SAMA%20Cyber%20Security%20Framework.pdf Cyber Security Framework Saudi Arabian Monetary Authority Version 1.0 May 2017 ]</ref>}}<br/><br/>
+
 
 
==== [[Philippines]] ====
 
==== [[Philippines]] ====
 
{{definition|Risk Tolerance:<br/>(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;<br/>(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/>
 
{{definition|Risk Tolerance:<br/>(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;<br/>(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. <ref>[http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf DND GLOSSARY OF CYBER SECURITY TERMS (v.4)]</ref>}}<br/><br/>

Revision as of 22:11, 2 December 2017

Definitions

European Definitions

Other International Definitions

ITU-T

Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]


National Definitions

Canada

The willingness of an organization to accept or reject a given level of residual risk. [2]

Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.

Kingdom of Saudi Arabia

Risk tolerance: The acceptable variation relative to performance to the achievement of objectives. [3]



Philippines

Risk Tolerance:
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. [4]



United States

NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [5]


US-CERT
Risk Tolerance: Thresholds that reflect the organization’s level of risk aversion by providing levels of acceptable risk in each operational risk category that the organization has established. [6]


Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [7]

Academic Definitions

Risk Tolerance refers to a person’s capacity to accept a certain amount of risk. [8].

Note: the concept of risk tolerance is linked to the concept of Risk Perception.

See also


Notes