Difference between revisions of "Risk Tolerance"

From CIPedia

Revision as of 01:34, 9 December 2016

Definitions

European Definitions

Other International Definitions

ITU-T

Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]


National Definitions

Philippines

Risk Tolerance:
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise's information systems that an entity is willing to accept. [2]



United States

NIST
The level of risk an entity is willing to assume in order to achieve a potential desired result. [3]


Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [4]

Academic Definitions

Risk Tolerance refers to a person's capacity to accept a certain amount of risk. [5]

Note: the concept of risk tolerance is linked to the concept of Risk Perception.

See also


Notes

  1. ITU Study Group Q.22/1, Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
  2. DND Glossary of Cyber Security Terms (v.4), http://www.dnd.gov.ph/miss/PDF/downloadables/Cybersecurity%20Glossary%20(Edited).pdf
  3. NISTIR 7298 Rev. 2, Glossary of Key Information Security Terms, May 2013.
  4. ISO Guide 73:2009, Risk management -- Vocabulary.
  5. Campbell Institute (2014). Risk perception: Theories, strategies and next steps.