See:
Methods and processes used by enterprises to address risks and manage confidence that the enterprise will achieve its objectives. It includes identifying the dependencies between the objectives and the enterprise's means and capabilities for achieving them, as well as identifying and prioritizing the threats to those means and implementing security measures to address them. Taken together, it provides both static security and an effective dynamic response.
The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary. [CNSSI_4009:2010]
Enterprise risk management (ERM) is the process of planning, organizing, leading, and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings. Enterprise risk management expands the process to include not just risks associated with accidental losses, but also financial, strategic, operational, and other risks.
http://searchcio.techtarget.com/definition/enterprise-risk-management
An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management. [CNSSI_4009:2010]
The description of an enterprise's entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise's boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise's overall security posture.
A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services. [CNSSI_4009:2010]
Related topics