Difference between revisions of "Risk Treatment"

From CIPedia
(ISO/IEC 27000:2014)
(Notes)
Line 37: Line 37:
 
* Test reference. -->
 
* Test reference. -->
  
[[Category:Main]]
+
[[Category:Risk]]

Revision as of 10:18, 4 June 2014

Definitions

Official European Definition

Other International Definitions

National Definitions

Standard Definition

ISO/IEC 27000:2014

Process to modify risk [1] (based on the ISO Guide 73:2009 [2]).

Risk treatment can involve:

  • avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
  • taking or increasing risk in order to pursue an opportunity;
  • removing the risk source;
  • changing the likelihood;
  • changing the consequences;
  • sharing the risk with another party or parties (including contracts and risk financing) (see Risk Transfer); and
  • retaining the risk by informed choice.

Risk treatments that deal with negative consequences are sometimes referred to as “Risk Mitigation”, “Risk Elimination”, “Risk Prevention” and “Risk Reduction”.

Risk treatment can create new risks or modify existing risks.

See also

Notes