Difference between revisions of "Risk Treatment"

From CIPedia
Jump to navigation Jump to search
(See also)
Line 6: Line 6:
  
 
=== National Definitions ===
 
=== National Definitions ===
==== Australia ====  
+
==== [[Australia]] ====  
 
{{definition| Risk treatment is the selection and implementation of appropriate options for dealing with risk.  <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}  
 
{{definition| Risk treatment is the selection and implementation of appropriate options for dealing with risk.  <ref name="MAIMAus">[https://www.em.gov.au/Documents/Manual03-AEMGlossary.PDF Australian Emergency Management Glossary, Emergency Management Australia (1998)]</ref>}}  
 
<br />
 
<br />
 +
==== [[Czech Republic]] ====
 +
{{definition| Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. <ref> http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)</ref> <br/><br/> Risk treatment is the process to modify (change) a [[risk]]. <ref> http://www.govcert.cz/download/nodeid-561  Výkladový slovník kybernetické bezpečnosti (2013)</ref>}}<br/>
 +
  
 
===Standard Definition===
 
===Standard Definition===
==== ISO/IEC 27000:2014 ====
+
==== [[ISO|ISO/IEC 27000:2014]] ====
 
{{definition|Process to modify [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}
 
{{definition|Process to modify [[risk]]. <ref name="ISO27000-14"> [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=63411 ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary]</ref>(based on the ISO Guide 73:2009<ref name="ISOGuide73">[http://www.iso.org/iso/catalogue_detail?csnumber=44651 ISO Guide 73:2009 Risk management -- Vocabulary]</ref>)}}
  
Line 41: Line 44:
  
 
[[Category:Risk]]
 
[[Category:Risk]]
{{#set:defined by=Australia|defined by=ISO}}
+
{{#set:defined by=Australia|defined by=Czech Republic|defined by=ISO}}

Revision as of 18:33, 18 July 2015

Definitions

European Definitions

Other International Definitions

National Definitions

Australia

Risk treatment is the selection and implementation of appropriate options for dealing with risk. [1]


Czech Republic

Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. [2]

Risk treatment is the process to modify (change) a risk. [3]



Standard Definition

ISO/IEC 27000:2014

Process to modify risk. [4](based on the ISO Guide 73:2009[5])

Risk treatment can involve:

  • avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
  • taking or increasing risk in order to pursue an opportunity;
  • removing the risk source;
  • changing the likelihood;
  • changing the consequences;
  • sharing the risk with another party or parties (including contracts and risk financing) (see Risk Transfer); and
  • retaining the risk by informed choice.

Risk treatments that deal with negative consequences are sometimes referred to as “Risk Mitigation”, “Risk Elimination”, “Risk Prevention” and “Risk Reduction”.

Risk treatment can create new risks or modify existing risks.

See also

Notes