Difference between revisions of "Risk Treatment"
Jump to navigation
Jump to search
(→Definitions) |
|||
Line 9: | Line 9: | ||
===Standard Definition=== | ===Standard Definition=== | ||
==== ISO/IEC 27000:2014 ==== | ==== ISO/IEC 27000:2014 ==== | ||
− | Process to modify [[risk]] <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>) . | + | {{definition|Process to modify [[risk]] <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>).}} |
− | Risk treatment can involve: | + | <big>Risk treatment can involve: |
* avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; | * avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; | ||
* taking or increasing risk in order to pursue an opportunity; | * taking or increasing risk in order to pursue an opportunity; | ||
Line 22: | Line 22: | ||
Risk treatments that deal with negative consequences are sometimes referred to as “[[Risk Mitigation]]”, “Risk Elimination”, “Risk Prevention” and “[[Risk Reduction]]”. | Risk treatments that deal with negative consequences are sometimes referred to as “[[Risk Mitigation]]”, “Risk Elimination”, “Risk Prevention” and “[[Risk Reduction]]”. | ||
− | Risk treatment can create new risks or modify existing risks. | + | Risk treatment can create new risks or modify existing risks.</big> |
==See also== | ==See also== |
Revision as of 10:51, 17 June 2014
Contents
Definitions
European Definitions
Other International Definitions
National Definitions
Standard Definition
ISO/IEC 27000:2014
Risk treatment can involve:
- avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
- taking or increasing risk in order to pursue an opportunity;
- removing the risk source;
- changing the likelihood;
- changing the consequences;
- sharing the risk with another party or parties (including contracts and risk financing) (see Risk Transfer); and
- retaining the risk by informed choice.
Risk treatments that deal with negative consequences are sometimes referred to as “Risk Mitigation”, “Risk Elimination”, “Risk Prevention” and “Risk Reduction”.
Risk treatment can create new risks or modify existing risks.