Risk Tolerance

From CIPedia
Revision as of 23:23, 19 February 2022 by Eluiijf (talk | contribs) (See also)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


European Definitions

Other International Definitions


Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]

National Definitions


The willingness of an organization to accept or reject a given level of residual risk. [2]

Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.

Kingdom of Saudi Arabia

Risk tolerance: The acceptable variation relative to performance to the achievement of objectives. [3]


Risk Tolerance:
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise‘s information systems that an entity is willing to accept. [4]

United States

The level of risk an entity is willing to assume in order to achieve a potential desired result. [5]

Risk Tolerance: Thresholds that reflect the organization’s level of risk aversion by providing levels of acceptable risk in each operational risk category that the organization has established. [6]

Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [7]

Academic Definitions

Risk Tolerance refers to a person’s capacity to accept a certain amount of risk. [8].

Note: the concept of risk tolerance is linked to the concept of Risk Perception.


Risicobereidheid: De hoeveelheid en het soort risico dat een organisatie bereid is. [9]

See also