Difference between revisions of "Risk Tolerance"
(→ITU-T) |
Line 8: | Line 8: | ||
=== National Definitions === | === National Definitions === | ||
+ | ====[[United States]]==== | ||
+ | =====[[NIST]]===== | ||
+ | {{definition|The level of [[risk]] an entity is willing to assume in order to achieve a potential desired result. <ref name="NISTIR7298"> [http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}}<br /> | ||
===Standard Definition=== | ===Standard Definition=== | ||
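Review bot: the reference added on the `{{definition|...}}` line links to nvlpubs.nist.gov over plain `http://`; switch the URL to `https://` so readers following the glossary citation fetch the NIST document over an authenticated channel. The stray space between `<ref name="NISTIR7298">` and the opening `[` can be dropped at the same time.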
Line 23: | Line 26: | ||
* Test reference. --> | * Test reference. --> | ||
[[Category:Risk]] | [[Category:Risk]] | ||
− | {{#set:defined by=ITU-T}} | + | {{#set:defined by=ITU-T|defined by=United States|defined by=NIST}} |
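Review bot: in the new `{{#set:...}}` line, `defined by=United States` records a country as a defining body alongside `defined by=NIST`, although the definition added in this revision is sourced to NISTIR 7298. Consider keeping `defined by=NIST` for the issuing organisation and recording the country under a separate property, so queries on `defined by` return only the bodies that published a definition.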
Revision as of 22:27, 9 May 2016
Definitions
European Definitions
Other International Definitions
ITU-T
Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]
National Definitions
United States
NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [2]
Standard Definition
See also
Notes
1. ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
2. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013