Difference between revisions of "Risk Treatment"

From CIPedia
(Created page with "==Definitions== === Official European Definition === === Other International Definitions === ==== UNISDR ==== <ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglis...")
 
(Luxembourg)
 
(25 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
==Definitions==
 
==Definitions==
=== Official European Definition ===
+
=== European Definitions ===
 +
====[[ENISA]]====
 +
{{definition|Risk treatment is the process of selection and implementation of [[Measure|measures]] to modify [[risk]]  (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br />
  
 +
=== Other International Definitions ===
 +
 +
=== National Definitions ===
 +
==== [[Argentina]] ====
 +
{{definition|Tratamiento de Riesgos: Proceso de selección e implementación de medidas para modificar el riesgo. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}<br/><br/>
  
=== Other International Definitions ===
+
==== [[Australia]] ====
==== UNISDR ====
+
{{definition| Risk treatment is the selection and implementation of appropriate options for dealing with risk.  <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}
<ref> [http://www.unisdr.org/files/7817_UNISDRTerminologyEnglish.pdf 2009 UNISDR Terminology on Disaster Risk Reduction]</ref>.
+
<br /><br/>
 +
==== [[Czech Republic]] ====
 +
{{definition| Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. <ref>[http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/> Risk treatment is the process to modify (change) a [[risk]]. <ref>[http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)]</ref>}}<br/><br/>
 +
====[[Kingdom of Saudi Arabia]]====
 +
{{definition|Risk treatment: A process to modify risk that can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed decision. Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) <ref>[http://www.sama.gov.sa/en-US/Laws/BankingRules/SAMA%20Cyber%20Security%20Framework.pdf Cyber Security Framework Saudi Arabian Monetary Authority Version 1.0 May 2017 ]</ref>}}<br/><br/>
  
 +
==== [[Kiribati]] ====
 +
{{definition|Totokoan te kanganga: Te taeka ae ti tebo naba nanona ma “[[adaptation]]”. <ref>[http://www.president.gov.ki/wp-content/uploads/2014/08/KAPII-Bi-Lingual-Glossary-CLIMATE-CHANGE-TERMS.pdf Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008]</ref><br/><br/>Risk treatment: This is another term for “[[Adaptation]]”. }}<br/><br/>
 +
==== [[Luxembourg]] ====
 +
{{definition|Traitement des risques: Processus destiné à modifier un risque <ref>[https://cybersecurite.public.lu/fr/glossaire.html Glossaire]</ref>}}<br/><br/>
  
The concept and practice of reducing disaster
+
==== [[Netherlands]]====
risks through systematic efforts to analyse
+
{{definition|[Dutch] Riscobehandeling is het proces waarbij [[Risk|risico’s]] worden weggenomen en de kans of het effect ervan wordt beperkt. <ref>[https://www.brandweer.nl/publish/pages/risico_beoordeling_16_0_bhm_2015.pdf Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015]</ref>}}<br/><br/>
and manage the causal factors of disasters,
+
==== [[Philippines]] ====
including through reduced exposure to
+
{{definition|Risk Treatment  - The step in the risk management process that follows the risk assessment. The main task in the risk treatment step is to select one or more options for treating each unacceptable risk, i.e. decide how to mitigate all these risks. Four risk treatment options exist: <br/>• [[Risk Treatment]] – e.g. apply applicable security controls. <br/>• Risk Transfer – e.g. to an insurance company by buying an insurance policy. <br/>• Risk Avoidance – e.g. stopping an activity that is too risky, or by doing it in a completely different fashion. <br/>• [[Risk Acceptance]] – for instance, the cost of mitigating that risk would be higher that the damage itself.  <ref>[https://digital.nhs.uk/services/data-and-cyber-security-protecting-information-and-data-in-health-and-care/cyber-and-data-security-policy-and-good-practice-in-health-and-care/cyber-and-data-security-resources/cyber-security-glossary NHS Cyber security glossary]</ref>}}<br/><br/>
11
 
hazards, lessened vulnerability of people and
 
property, wise management of land and the
 
environment, and improved preparedness for
 
adverse events.
 
Comment: A comprehensive approach to reduce
 
disaster risks is set out in the United Nations-endorsed
 
Hyogo Framework for Action, adopted in 2005, whose
 
expected outcome is “The substantial reduction of
 
disaster losses, in lives and the social, economic and
 
environmental assets of communities and countries.
 
The International Strategy for Disaster Reduction (ISDR)
 
system provides a vehicle for cooperation among
 
Governments, organisations and civil society actors to
 
assist in the implementation of the Framework. Note
 
that while the term “disaster reduction” is sometimes
 
used, the term “disaster risk reduction” provides a
 
better recognition of the ongoing nature of disaster
 
risks and the ongoing potential to reduce these risks.
 
  
=== National Definitions ===
+
==== [[United Kingdom]] ====
====USA====
+
{{definition|Risk treatment is the process of determining those risks that should be controlled (by reducing their likelihood and/or putting impact mitigation measures in place) and those that will be tolerated at their currently assessed level.  <ref>[http://www.gov.uk/government/uploads/system/uploads/attachment_data/file/128797/LEXICON_v2_1_1-Feb-2013.xls UK Civil Protection Lexicon 2013]</ref>}}<br/><br/>
Decrease in risk through risk avoidance, risk control or risk transfer. (Source: DHS Lexicon, 2010)
 
  <ref name="DHSLex"> [http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf DHS Risk Lexicon 2010 Edition, September 2010]</ref>.
 
  
  
 
===Standard Definition===
 
===Standard Definition===
==== ISO/IEC 27000:2014 ====
+
==== [[ISO|ISO/IEC 27000:2014]] ====
process (2.61) to modify risk (2.68)[[risk]]<ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>) .
+
{{definition|Process to modify [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009 <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}
  
Risk treatment can involve:
+
<big>Risk treatment can involve:
 
* avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
 
* avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
 
* taking or increasing risk in order to pursue an opportunity;
 
* taking or increasing risk in order to pursue an opportunity;
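Review bot: The new Philippines entry cites the "NHS Cyber security glossary" at digital.nhs.uk as its only source, which is a United Kingdom health-service document, so the attribution to the Philippines is not supported by the reference given. Either cite the Philippine source that adopts this text or move the entry. In the same entry the first of the four options is named "Risk Treatment" and links back to this page, so the term is defined in terms of itself. Two smaller points: the Czech Republic entry repeats the identical govcert.cz reference twice instead of reusing a named ref as the ENISA and ISO entries do, and the Netherlands entry spells the term "Riscobehandeling" while its own reference title uses "Risico...".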
Line 51: Line 45:
 
* retaining the risk by informed choice.
 
* retaining the risk by informed choice.
  
Risk treatments that deal with negative consequences are sometimes referred to as “[[Risk Mitigation|risk mitigation]]”, “risk elimination”, “risk prevention” and “[[risk reduction]]”.
+
Risk treatments that deal with negative consequences are sometimes referred to as “[[Risk Mitigation]]”, “Risk Elimination”, “Risk Prevention” and “[[Risk Reduction]]”.
  
Risk treatment can create new risks or modify existing risks.
+
Risk treatment can create new risks or modify existing risks.</big>
  
 
==See also==
 
==See also==
 
* [[Risk]]
 
* [[Risk]]
 
* [[Risk Transfer]]
 
* [[Risk Transfer]]
* [[Risk Treatment]]
 
 
* [[Risk Mitigation]]
 
* [[Risk Mitigation]]
 +
* [[Risk Reduction]]
  
 
==Notes==
 
==Notes==
<references />
 
  
<!--
 
 
==References==
 
==References==
* Test reference. -->
+
<references />
  
[[Category:Main]]
+
[[Category:Risk]]
 +
{{#set:defined by=ENISA|defined by=Argentina|defined by=Australia|defined by=Czech Republic|defined by=Kingdom of Saudi Arabia|defined by=Kiribati|defined by=Luxembourg|defined by=Netherlands|defined by= Philippines|defined by=United Kingdom|defined by=ISO}}
 +
{{#set: Showmainpage=Yes}}
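Review bot: Moving `<references />` from under "==Notes==" to under "==References==" leaves the Notes heading with no content, so the rendered page shows an empty section. Drop the Notes heading or keep the reference list under it. The rewritten sentence also capitalises "Risk Elimination" and "Risk Prevention" as if they were page titles while linking only "Risk Mitigation" and "Risk Reduction", and the `{{#set:` line has a stray space in "defined by= Philippines" that the other values do not have.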

Latest revision as of 13:21, 15 August 2022

Definitions

European Definitions

ENISA

Risk treatment is the process of selection and implementation of measures to modify risk (refers to ISO/IEC Guide 73). [1]


Other International Definitions

National Definitions

Argentina

Tratamiento de Riesgos: Proceso de selección e implementación de medidas para modificar el riesgo. [2]

Risk treatment: Process of selecting and implementing measures to modify risk.



Australia

Risk treatment is the selection and implementation of appropriate options for dealing with risk. [3]



Czech Republic

Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. [4]

Risk treatment is the process to modify (change) a risk. [5]



Kingdom of Saudi Arabia

Risk treatment: A process to modify risk that can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed decision. Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) [6]



Kiribati

Totokoan te kanganga: Te taeka ae ti tebo naba nanona ma “adaptation”. [7]

Risk treatment: This is another term for “Adaptation”.



Luxembourg

Traitement des risques: Processus destiné à modifier un risque [8]

Risk treatment: Process intended to modify a risk.



Netherlands

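[Dutch] Risicobehandeling is het proces waarbij risico’s worden weggenomen en de kans of het effect ervan wordt beperkt. [9]

Risk treatment is the process by which risks are removed and their likelihood or effect is limited.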



Philippines

Risk Treatment - The step in the risk management process that follows the risk assessment. The main task in the risk treatment step is to select one or more options for treating each unacceptable risk, i.e. decide how to mitigate all these risks. Four risk treatment options exist:
• Risk Treatment – e.g. apply applicable security controls.
• Risk Transfer – e.g. to an insurance company by buying an insurance policy.
• Risk Avoidance – e.g. stopping an activity that is too risky, or by doing it in a completely different fashion.
• Risk Acceptance – for instance, the cost of mitigating that risk would be higher than the damage itself. [10]



United Kingdom

Risk treatment is the process of determining those risks that should be controlled (by reducing their likelihood and/or putting impact mitigation measures in place) and those that will be tolerated at their currently assessed level. [11]




Standard Definition

ISO/IEC 27000:2014

Process to modify risk. [12] (based on the ISO Guide 73:2009 [13])

Risk treatment can involve:

  • avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
  • taking or increasing risk in order to pursue an opportunity;
  • removing the risk source;
  • changing the likelihood;
  • changing the consequences;
  • sharing the risk with another party or parties (including contracts and risk financing) (see Risk Transfer); and
  • retaining the risk by informed choice.

Risk treatments that deal with negative consequences are sometimes referred to as “Risk Mitigation”, “Risk Elimination”, “Risk Prevention” and “Risk Reduction”.

Risk treatment can create new risks or modify existing risks.

See also

Notes

References