Difference between revisions of "Risk Tolerance"

Revision as of 09:58, 13 September 2017

Definitions

European Definitions

Other International Definitions

ITU-T

Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. ^[1]

National Definitions

Canada

The willingness of an organization to accept or reject a given level of residual risk. ^[2]

Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.

Risk Tolerance:
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. ^[3]

United States

NIST

The level of risk an entity is willing to assume in order to achieve a potential desired result. ^[4]

US-CERT

Risk Tolerance: Thresholds that reflect the organization’s level of risk aversion by providing levels of acceptable risk in each operational risk category that the organization has established. ^[5]

Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives ^[6]

Academic Definitions

Risk Tolerance refers to a person’s capacity to accept a certain amount of risk. ^[7].

Note: the concept of risk tolerance is linked to the concept of Risk Perception.

Notes

↑ ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
↑ All Hazards Risk Assessment Methodology Guidelines 2012-2013, Public Safety Canada
↑ DND GLOSSARY OF CYBER SECURITY TERMS (v.4)
↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
↑ Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)
↑ ISO Guide 73:2009 Risk management -- Vocabulary
↑ Campbell Institute (2014). Risk perception: Theories, strategies and next steps.

[1] ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).

[2] All Hazards Risk Assessment Methodology Guidelines 2012-2013, Public Safety Canada

[3] DND GLOSSARY OF CYBER SECURITY TERMS (v.4)

[NISTIR7298-4] NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013

[USCERT-5] Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016)

[6] ISO Guide 73:2009 Risk management -- Vocabulary

[Campbell-7] Campbell Institute (2014). Risk perception: Theories, strategies and next steps.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

@@ Line 44: / Line 44: @@
 [[Category:Human Aspects]]
 [[Category:Risk]]
-{{#set:defined by=ITU-T|defined by=Canada|defined by=Philippines|defined by=United States|defined by=NIST|defined by=ISO}}
+{{#set:defined by=ITU-T|defined by=Canada|defined by=Philippines|defined by=United States|defined by=NIST|defined by=ISO|defined by=US-CERT}}

Difference between revisions of "Risk Tolerance"

Revision as of 09:58, 13 September 2017

Contents

Definitions

European Definitions

Other International Definitions

ITU-T

National Definitions

Canada

Philippines

United States

NIST

US-CERT

Standard Definition

ISO Guide 73:2009(en)

Academic Definitions

See also

Notes

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Actions

Fraunhofer-Wiki-Farm

Tools