Risk Treatment
Definitions
European Definitions
ENISA
Risk treatment is the process of selection and implementation of measures to modify risk (refers to ISO/IEC Guide 73). [1]
Other International Definitions
National Definitions
Argentina
Risk treatment (Tratamiento de Riesgos): Process of selecting and implementing measures to modify risk. [2]
Australia
Risk treatment is the selection and implementation of appropriate options for dealing with risk. [3]
Czech Republic
Risk treatment (Zvládání rizika, ošetření rizika) is the process to modify (change) a risk. [4] [5]
Kingdom of Saudi Arabia
Risk treatment: A process to modify risk that can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed decision. Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) [6]
Kiribati
Risk treatment (Totokoan te kanganga): This is another term for “Adaptation”. [7]
Luxembourg
Risk treatment (Traitement des risques): Process intended to modify a risk. [8]
Netherlands
Risk treatment (Risicobehandeling) is the process by which risks are removed and their likelihood or effect is limited. [9]
Philippines
Risk Treatment - The step in the risk management process that follows the risk assessment. The main task in the risk treatment step is to select one or more options for treating each unacceptable risk, i.e. decide how to mitigate all these risks. Four risk treatment options exist:
• Risk Treatment – e.g. apply applicable security controls.
• Risk Transfer – e.g. to an insurance company by buying an insurance policy.
• Risk Avoidance – e.g. stopping an activity that is too risky, or by doing it in a completely different fashion.
• Risk Acceptance – for instance, the cost of mitigating that risk would be higher than the damage itself. [10]
United Kingdom
Risk treatment is the process of determining those risks that should be controlled (by reducing their likelihood and/or putting impact mitigation measures in place) and those that will be tolerated at their currently assessed level. [11]
Standard Definition
ISO/IEC 27000:2014
Risk treatment can involve:
- avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
- taking or increasing risk in order to pursue an opportunity;
- removing the risk source;
- changing the likelihood;
- changing the consequences;
- sharing the risk with another party or parties (including contracts and risk financing) (see Risk Transfer); and
- retaining the risk by informed choice.
Risk treatments that deal with negative consequences are sometimes referred to as “Risk Mitigation”, “Risk Elimination”, “Risk Prevention” and “Risk Reduction”.
Risk treatment can create new risks or modify existing risks.
References
- [1] ENISA Risk Glossary
- [2] Oficina Nacional de Tecnologías de Información, ADMINISTRACION PUBLICA NACIONAL, Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
- [3] Australian Emergency Management Glossary, Emergency Management Australia (1998)
- [4] Výkladový slovník kybernetické bezpečnosti (2013)
- [5] Výkladový slovník kybernetické bezpečnosti (2013)
- [6] Cyber Security Framework, Saudi Arabian Monetary Authority, Version 1.0, May 2017
- [7] Kiribati Bi-lingual Glossary of Climate Change Terms, original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
- [8] Glossaire
- [9] Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015
- [10] NHS Cyber security glossary
- [11] UK Civil Protection Lexicon 2013
- [12] ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
- [13] ISO Guide 73:2009 Risk management -- Vocabulary