Difference between revisions of "Risk Tolerance"
Line 15: | Line 15: | ||
====[[ISO|ISO Guide 73:2009(en)]] ==== | ====[[ISO|ISO Guide 73:2009(en)]] ==== | ||
{{definition|Organization's or stakeholder's readiness to bear the [[risk]] after [[Risk Treatment|risk treatment]] in order to achieve its objectives <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>}} | {{definition|Organization's or stakeholder's readiness to bear the [[risk]] after [[Risk Treatment|risk treatment]] in order to achieve its objectives <ref>[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>}} | ||
+ | |||
+ | ===Academic Definitions=== | ||
+ | {{Definition|Risk Tolerance refers to a person’s capacity to accept a certain amount of [[risk]]. <ref name="Campbell">[http://www.nsc.org/CambpellInstituteandAwardDocuments/WP-Risk%20Preception.pdf Campbell Institute (2014). Risk perception: Theories, strategies and next steps. ]</ref>. }} | ||
+ | Note: the concept of risk tolerance is linked to the concept of [[Risk Perception]]. | ||
==See also== | ==See also== | ||
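Review bot: the added Academic Definitions entry ends with "</ref>. }}", which leaves a stray period after the reference on top of the sentence's own period before the <ref name="Campbell"> tag; drop the one after </ref>. The template is also written {{Definition where the ISO entry directly above uses {{definition, so match the existing lowercase form. The link path contains "CambpellInstituteandAwardDocuments" and "Risk%20Preception.pdf"; confirm the URL resolves as written before saving.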
Line 20: | Line 24: | ||
* [[Risk Transfer]] | * [[Risk Transfer]] | ||
* [[Risk Mitigation]] | * [[Risk Mitigation]] | ||
+ | * [[Risk Perception]] | ||
* [[Risk Reduction]] | * [[Risk Reduction]] | ||
+ | *[[Subjective Risk]] | ||
+ | |||
==Notes== | ==Notes== | ||
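Review bot: the added *[[Subjective Risk]] item has no space after the asterisk, unlike the other entries in this See also list, including the * [[Risk Perception]] item added in the same hunk; write it as * [[Subjective Risk]] so the list markup stays uniform.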
Line 28: | Line 35: | ||
==References== | ==References== | ||
* Test reference. --> | * Test reference. --> | ||
+ | [[Category:Human Aspects]] | ||
[[Category:Risk]] | [[Category:Risk]] | ||
{{#set:defined by=ITU-T|defined by=United States|defined by=NIST|defined by=ISO}} | {{#set:defined by=ITU-T|defined by=United States|defined by=NIST|defined by=ISO}} |
Revision as of 14:27, 24 November 2016
Definitions
European Definitions
Other International Definitions
ITU-T
Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]
National Definitions
United States
NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [2]
Standard Definition
ISO Guide 73:2009(en)
Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [3]
Academic Definitions
Note: the concept of risk tolerance is linked to the concept of Risk Perception.
See also
Notes
1. ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
2. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013.
3. ISO Guide 73:2009 Risk management -- Vocabulary.
4. Campbell Institute (2014). Risk perception: Theories, strategies and next steps.