Risk Tolerance

From CIPedia
Jump to navigation Jump to search


European Definitions

Other International Definitions


Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. [1]

National Definitions

United States

The level of risk an entity is willing to assume in order to achieve a potential desired result. [2]

Standard Definition

ISO Guide 73:2009(en)

Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives [3]

See also


  1. ITU Study Group Q.22/1 Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
  2. NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
  3. ISO Guide 73:2009 Risk management -- Vocabulary