Difference between revisions of "Risk Treatment"

From CIPedia
Jump to navigation Jump to search
(Luxembourg)
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Definitions==
 
==Definitions==
 
=== European Definitions ===
 
=== European Definitions ===
 
+
====[[ENISA]]====
 +
{{definition|Risk treatment is the process of selection and implementation of [[Measure|measures]] to modify [[risk]]  (refers to [[ISO|ISO/IEC Guide 73]]). <ref name="ENISAGlos"> [http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/glossary ENISA Risk Glossary]</ref>}}<br />
  
 
=== Other International Definitions ===
 
=== Other International Definitions ===
  
 
=== National Definitions ===
 
=== National Definitions ===
 +
==== [[Argentina]] ====
 +
{{definition|Tratamiento de Riesgos: Proceso de selección e implementación de medidas para modificar el riesgo. <ref>[http://servicios.infoleg.gob.ar/infolegInternet/anexos/215000-219999/219163/norma.htm Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)]</ref>}}<br/><br/>
 +
 
==== [[Australia]] ====  
 
==== [[Australia]] ====  
 
{{definition| Risk treatment is the selection and implementation of appropriate options for dealing with risk.  <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}  
 
{{definition| Risk treatment is the selection and implementation of appropriate options for dealing with risk.  <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}  
<br />
+
<br /><br/>
 
==== [[Czech Republic]] ====
 
==== [[Czech Republic]] ====
{{definition| Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. <ref> http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Risk treatment is the process to modify (change) a [[risk]]. <ref> http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/>
+
{{definition| Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. <ref>[http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)]</ref> <br/><br/> Risk treatment is the process to modify (change) a [[risk]]. <ref>[http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)]</ref>}}<br/><br/>
 +
====[[Kingdom of Saudi Arabia]]====
 +
{{definition|Risk treatment: A process to modify risk that can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed decision. Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) <ref>[http://www.sama.gov.sa/en-US/Laws/BankingRules/SAMA%20Cyber%20Security%20Framework.pdf Cyber Security Framework Saudi Arabian Monetary Authority Version 1.0 May 2017 ]</ref>}}<br/><br/>
 +
 
 +
==== [[Kiribati]] ====
 +
{{definition|Totokoan te kanganga: Te taeka ae ti tebo naba nanona ma “[[adaptation]]”. <ref>[http://www.president.gov.ki/wp-content/uploads/2014/08/KAPII-Bi-Lingual-Glossary-CLIMATE-CHANGE-TERMS.pdf Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008]</ref><br/><br/>Risk treatment: This is another term for “[[Adaptation]]”. }}<br/><br/>
 +
==== [[Luxembourg]] ====
 +
{{definition|Traitement des risques: Processus destiné à modifier un risque <ref>[https://cybersecurite.public.lu/fr/glossaire.html Glossaire]</ref>}}<br/><br/>
 +
 
 +
==== [[Netherlands]]====
 +
{{definition|[Dutch] Riscobehandeling is het proces waarbij [[Risk|risico’s]] worden weggenomen en de kans of het effect ervan wordt beperkt. <ref>[https://www.brandweer.nl/publish/pages/risico_beoordeling_16_0_bhm_2015.pdf Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015]</ref>}}<br/><br/>
 +
==== [[Philippines]] ====
 +
{{definition|Risk Treatment  - The step in the risk management process that follows the risk assessment. The main task in the risk treatment step is to select one or more options for treating each unacceptable risk, i.e. decide how to mitigate all these risks. Four risk treatment options exist: <br/>• [[Risk Treatment]] – e.g. apply applicable security controls. <br/>• Risk Transfer – e.g. to an insurance company by buying an insurance policy. <br/>• Risk Avoidance – e.g. stopping an activity that is too risky, or by doing it in a completely different fashion. <br/>• [[Risk Acceptance]] – for instance, the cost of mitigating that risk would be higher that the damage itself.  <ref>[https://digital.nhs.uk/services/data-and-cyber-security-protecting-information-and-data-in-health-and-care/cyber-and-data-security-policy-and-good-practice-in-health-and-care/cyber-and-data-security-resources/cyber-security-glossary NHS Cyber security glossary]</ref>}}<br/><br/>
 +
 
 +
==== [[United Kingdom]] ====
 +
{{definition|Risk treatment is the process of determining those risks that should be controlled (by reducing their likelihood and/or putting impact mitigation measures in place) and those that will be tolerated at their currently assessed level.  <ref>[http://www.gov.uk/government/uploads/system/uploads/attachment_data/file/128797/LEXICON_v2_1_1-Feb-2013.xls UK Civil Protection Lexicon 2013]</ref>}}<br/><br/>
  
  
 
===Standard Definition===
 
===Standard Definition===
 
==== [[ISO|ISO/IEC 27000:2014]] ====
 
==== [[ISO|ISO/IEC 27000:2014]] ====
{{definition|Process to modify [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}
+
{{definition|Process to modify [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009 <ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}
  
 
<big>Risk treatment can involve:
 
<big>Risk treatment can involve:
Line 37: Line 56:
  
 
==Notes==
 
==Notes==
<references />
 
  
<!--
 
 
==References==
 
==References==
* Test reference. -->
+
<references />
  
 
[[Category:Risk]]
 
[[Category:Risk]]
{{#set:defined by=Australia|defined by=Czech Republic|defined by=ISO}}
+
{{#set:defined by=ENISA|defined by=Argentina|defined by=Australia|defined by=Czech Republic|defined by=Kingdom of Saudi Arabia|defined by=Kiribati|defined by=Luxembourg|defined by=Netherlands|defined by= Philippines|defined by=United Kingdom|defined by=ISO}}
 +
{{#set: Showmainpage=Yes}}

Latest revision as of 12:21, 15 August 2022

Definitions

European Definitions

ENISA

Risk treatment is the process of selection and implementation of measures to modify risk (refers to ISO/IEC Guide 73). [1]


Other International Definitions

National Definitions

Argentina

Tratamiento de Riesgos: Proceso de selección e implementación de medidas para modificar el riesgo. [2]



Australia

Risk treatment is the selection and implementation of appropriate options for dealing with risk. [3]



Czech Republic

Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. [4]

Risk treatment is the process to modify (change) a risk. [5]



Kingdom of Saudi Arabia

Risk treatment: A process to modify risk that can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed decision. Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) [6]



Kiribati

Totokoan te kanganga: Te taeka ae ti tebo naba nanona ma “adaptation”. [7]

Risk treatment: This is another term for “Adaptation”.



Luxembourg

Traitement des risques: Processus destiné à modifier un risque [8]



Netherlands

[Dutch] Riscobehandeling is het proces waarbij risico’s worden weggenomen en de kans of het effect ervan wordt beperkt. [9]



Philippines

Risk Treatment - The step in the risk management process that follows the risk assessment. The main task in the risk treatment step is to select one or more options for treating each unacceptable risk, i.e. decide how to mitigate all these risks. Four risk treatment options exist:
Risk Treatment – e.g. apply applicable security controls.
• Risk Transfer – e.g. to an insurance company by buying an insurance policy.
• Risk Avoidance – e.g. stopping an activity that is too risky, or by doing it in a completely different fashion.
Risk Acceptance – for instance, the cost of mitigating that risk would be higher that the damage itself. [10]



United Kingdom

Risk treatment is the process of determining those risks that should be controlled (by reducing their likelihood and/or putting impact mitigation measures in place) and those that will be tolerated at their currently assessed level. [11]




Standard Definition

ISO/IEC 27000:2014

Process to modify risk. [12](based on the ISO Guide 73:2009 [13])

Risk treatment can involve:

  • avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
  • taking or increasing risk in order to pursue an opportunity;
  • removing the risk source;
  • changing the likelihood;
  • changing the consequences;
  • sharing the risk with another party or parties (including contracts and risk financing) (see Risk Transfer); and
  • retaining the risk by informed choice.

Risk treatments that deal with negative consequences are sometimes referred to as “Risk Mitigation”, “Risk Elimination”, “Risk Prevention” and “Risk Reduction”.

Risk treatment can create new risks or modify existing risks.

See also

Notes

References