See:
· Risk
Overall process of risk identification, risk analysis and risk evaluation. [UNE-ISO GUÍA 73:2010] [UNE-ISO/IEC 27000:2014]
Overall process of risk identification, risk analysis and risk evaluation. [UNE Guía 73:2010]
Process that identifies the valuable resources of a system and their threats; quantifies loss exposure (that is, loss potential) based on estimated frequencies and costs of occurrence; and, optionally, recommends how to allocate resources as preventive measures that minimize the total exposure rate.
http://es.pcisecuritystandards.org
The initial steps of Risk Management: analysing the value of the business's Assets, identifying Threats to those Assets, and evaluating how Vulnerable each Asset is to those Threats. Risk Assessment can be quantitative (based on numerical data) or qualitative. [ITIL:2007]
Overall process of risk identification, risk analysis and risk evaluation. [ISO Guide 73:2009] [ISO/IEC 27000:2014]
Overall process of risk identification, risk analysis and risk evaluation. [ISO Guide 73:2009]
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. [NIST-SP800-53:2013]
The process of identifying, prioritizing, and estimating risks. This includes determining the extent to which adverse circumstances or events could impact an enterprise. Uses the results of threat and vulnerability assessments to identify risk to organizational operations and evaluates those risks in terms of likelihood of occurrence and impacts if they occur. The product of a risk assessment is a list of estimated, potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF).
NIST SP 800-53: The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. [CNSSI_4009:2010]
Product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
Extended Definition: appraisal of the risks facing an entity, asset, system, network, geographic area or other grouping.
Annotation: A risk assessment can be the resulting product created through analysis of the component parts of risk.
DHS Risk Lexicon, September 2008
Set of methods, principles, or rules for assessing risk based on non-numerical categories or levels.
DHS Risk Lexicon, September 2008
Set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment.
Annotation: While a semi-quantitative methodology also involves the use of numbers, only a purely quantitative methodology uses numbers in a way that allows for the consistent use of values outside the context of the assessment.
DHS Risk Lexicon, September 2008
Definition: set of methods, principles, or rules to assess risk that uses bins, scales, or representative numbers whose values and meanings are not maintained in other contexts.
Example: By giving the "low risk," "medium risk," and "high risk" categories corresponding numerical values, the assessor used a semi-quantitative risk assessment methodology.
Annotation: While numbers may be used in a semi-quantitative methodology, the values are not applicable outside of the methodology, and numerical results from one methodology cannot be compared with those from other methodologies.
DHS Risk Lexicon, September 2008
The initial steps of Risk Management. Analysing the value of Assets to the business, identifying Threats to those Assets, and evaluating how Vulnerable each Asset is to those Threats. Risk Assessment can be quantitative (based on numerical data) or qualitative. [ITIL:2007]
A study of vulnerabilities, threats, likelihood, loss or impact, and theoretical effectiveness of security measures. The process of evaluating threats and vulnerabilities, known and postulated, to determine expected loss and establish the degree of acceptability to system operations. [TDIR:2003]
Process that identifies valuable system resources and threats; quantifies loss exposures (that is, loss potential) based on estimated frequencies and costs of occurrence; and (optionally) recommends how to allocate resources to countermeasures so as to minimize total exposure.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Process of evaluating the risks of information loss based on an analysis of threats to, and vulnerabilities of, a system, operation or activity.
http://www.ioss.gov/docs/definitions.html
For the purpose of this handbook, risk analysis is defined as the probabilistic assessment of performance such that the probability of not meeting a particular performance commitment can be quantified.
NASA Risk Management Handbook, NASA/SP-2011-3422, Version 1.0, November 2011
Overall process of risk identification, risk analysis and risk evaluation. [ISO Guide 73:2009]
Process that systematically identifies valuable system resources and the threats associated with them. This process quantifies loss exposure (potential losses) based on estimated frequency and costs of occurrence, and (optionally) recommends how to allocate resources to countermeasures in order to reduce total exposure.
http://fr.pcisecuritystandards.org/
Related topics