See:
The methods and processes used by enterprises to address risks and manage the
assurance that the enterprise achieves its objectives. This includes identifying
the dependencies between those objectives and the means and capabilities the
enterprise has for achieving them, as well as identifying and prioritizing the
threats to those means and implementing security measures that address them.
Taken together, this provides both static security and an effective dynamic
response.
The methods and processes
used by an enterprise to manage risks to its mission and to establish the trust
necessary for the enterprise to support shared missions. It involves the
identification of mission dependencies on enterprise capabilities, the identification
and prioritization of risks due to defined threats, the implementation of
countermeasures to provide both a static risk posture and an effective dynamic
response to active threats; and it assesses enterprise performance against
threats and adjusts countermeasures as necessary. [CNSSI_4009:2010]
Enterprise risk management
(ERM) is the process of planning, organizing, leading, and controlling the
activities of an organization in order to minimize the effects of risk on an
organization's capital and earnings. Enterprise risk management expands the
process to include not just risks associated with accidental losses, but also
financial, strategic, operational, and other risks.
http://searchcio.techtarget.com/definition/enterprise-risk-management
An organization with a
defined mission/goal and a defined boundary, using information systems to
execute that mission, and with responsibility for managing its own risks and
performance. An enterprise may consist of all or some of the following business
aspects: acquisition, program management, financial management (e.g., budgets),
human resources, security, and information systems, information and mission
management. [CNSSI_4009:2010]
The description of an
enterprise’s entire set of information systems: how they are configured, how
they are integrated, how they interface to the external environment at the
enterprise’s boundary, how they are operated to support the enterprise mission,
and how they contribute to the enterprise’s overall security posture.
A set of one or more
computer applications and middleware systems hosted on computer hardware that
provides standard information systems capabilities to end users and hosted
mission applications and services. [CNSSI_4009:2010]