Coordinated activities to direct and control an organization with regard to risk. [ISO Guía 73:2010] [UNE-ISO/IEC 27000:2014]
Coordinated activities to direct and control an organization with regard to risk [UNE Guía 73:2010]
Set of elements that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization. [UNE Guía 73:2010]
Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk [UNE Guía 73:2010]
Coordinated activities to direct and control an organization with regard to risks. [UNE-71504:2008]
The Process responsible for identifying, assessing and controlling Risks. See Risk Assessment. [ITIL:2007]
The process of identifying, assessing, and responding to risk. Framework for Improving Critical Infrastructure Cybersecurity, National Institute of Standards and Technology, February 12, 2014
coordinated activities to direct and control an organisation with regard to risk [ISO Guide 73:2009] [ISO/IEC 27000:2014]
coordinated activities to direct and control an organisation with regard to risk [ISO Guide 73:2009]
set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization [ISO Guide 73:2009]
systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk [ISO Guide 73:2009]
deliberate action taken to reduce the potential for harm or maintain it at an acceptable level. DHS Risk Lexicon, September 2008
The discipline by which an enterprise in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the enterprise's short- and long-term value to its stakeholders. [RiskIT-PG:2009]
Has been used in this publication as an overall generic term that covers both governance and management. [RiskIT-PG:2009]
The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200, Adapted] [NIST-SP800-53:2013]
The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation resulting from the operation or use of an information system, and includes: 1) the conduct of a risk assessment; 2) the implementation of a risk mitigation strategy; 3) employment of techniques and procedures for the continuous monitoring of the security state of the information system; and 4) documenting the overall risk management program.
NIST SP 800-53: The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system, and includes: 1. the conduct of a risk assessment; 2. the implementation of a risk mitigation strategy; and 3. employment of techniques and procedures for the continuous monitoring of the security state of the information system. [CNSSI_4009:2010]
A structured approach used to oversee and manage risk for an enterprise. [CNSSI_4009:2010]
process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost. Annotation: The primary goal of risk management is to reduce or eliminate risk through mitigation measures (avoiding the risk or reducing the negative effect of the risk), but also includes the concepts of acceptance and/or transfer of responsibility for the risk as appropriate. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to reduce risk. DHS Risk Lexicon, September 2008
Definition: process of systematically examining risks to develop a range of options and their anticipated effects for decision makers. Annotation: The risk management alternatives development step of the risk management process generates options for decision-makers to consider before deciding on which option to implement. DHS Risk Lexicon, September 2008
1. (I) The process of identifying, measuring, and controlling (i.e., mitigating) risks in information systems so as to reduce the risks to a level commensurate with the value of the assets protected. (See: risk analysis.)
2. (I) The process of controlling uncertain events that may affect information system resources.
3. (O) "The total process of identifying, controlling, and mitigating information system-related risks. It includes risk assessment; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission and constraints due to policy, regulations, and laws." [SP30] [RFC4949:2007]
The Process responsible for identifying, assessing and controlling Risks. See Risk Assessment. [ITIL:2007]
The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS-200:2006]
The total process of identifying, controlling, and mitigating information technology related risks. It includes risk analysis; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission/business and constraints due to policy, regulations, and laws. [NIST-SP800-33:2001]
The identification, assessment, and mitigation of probabilistic security events (risks) in information systems to a level commensurate with the value of the assets protected. [CIAO:2000]
A security philosophy which considers actual threats, inherent vulnerabilities, and the availability and costs of countermeasures as the underlying basis for making security decisions (JSCR 1994). http://www.ioss.gov/docs/definitions.html
Risk management includes RIDM and CRM in an integrated framework. This is done in order to foster proactive risk management, to better inform decision making through better use of risk information, and then to more effectively manage implementation risks by focusing the CRM process on the baseline performance requirements emerging from the RIDM process. NASA Risk Management Handbook, NASA/SP-2011-3422, Version 1.0, November 2011
coordinated activities to direct and control an organization with regard to risk [ISO Guide 73:2009]
set of elements establishing the foundations and organizational arrangements governing the design, implementation, monitoring, review and continual improvement of risk management throughout the organization [ISO Guide 73:2009]
systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk [ISO Guide 73:2009]
The Process responsible for identifying, assessing and controlling Risks. See Risk Assessment. [ITIL:2007]