See:
· Risk
· Enterprise risk management
Coordinated activities to direct and control an organization with regard to risk. [ISO Guía 73:2010] [UNE-ISO/IEC 27000:2014]
Coordinated activities to direct and control an organization in relation to risk [UNE Guía 73:2010]
Set of elements that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization. [UNE Guía 73:2010]
Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk [UNE Guía 73:2010]
Coordinated activities to direct and control an organization with respect to risks. [UNE-71504:2008]
The process responsible for identifying, assessing and controlling risks. See Risk Assessment. [ITIL:2007]
The process of identifying, assessing, and responding to risk. Framework for Improving Critical Infrastructure Cybersecurity, National Institute of Standards and Technology, February 12, 2014
coordinated activities to direct and control an organisation with regard to risk [ISO Guide 73:2009] [ISO/IEC 27000:2014]
coordinated activities to direct and control an organisation with regard to risk [ISO Guide 73:2009]
set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization [ISO Guide 73:2009]
systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk [ISO Guide 73:2009]
deliberate action taken to reduce the potential for harm or maintain it at an acceptable level. DHS Risk Lexicon, September 2008
The discipline by which an enterprise in any industry assesses, controls, exploits, finances and monitors risks from all sources for the purpose of increasing the enterprise's short- and long-term value to its stakeholders. [RiskIT-PG:2009]
Has been used in this publication as an overall generic term that covers both governance and management. [RiskIT-PG:2009]
The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS 200, Adapted] [NIST-SP800-53:2013]
The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation resulting from the operation or use of an information system, and includes: 1) the conduct of a risk assessment; 2) the implementation of a risk mitigation strategy; 3) employment of techniques and procedures for the continuous monitoring of the security state of the information system; and 4) documenting the overall risk management program.
NIST SP 800-53: The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation of an information system, and includes: 1. the conduct of a risk assessment; 2. the implementation of a risk mitigation strategy; and 3. employment of techniques and procedures for the continuous monitoring of the security state of the information system. [CNSSI_4009:2010]
A structured approach used to oversee and manage risk for an enterprise. [CNSSI_4009:2010]
process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level at an acceptable cost
Annotation: The primary goal of risk management is to reduce or eliminate risk through mitigation measures (avoiding the risk or reducing the negative effect of the risk), but also includes the concepts of acceptance and/or transfer of responsibility for the risk as appropriate. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to reduce risk. DHS Risk Lexicon, September 2008
Definition: process of systematically examining risks to develop a range of options and their anticipated effects for decision makers
Annotation: The risk management alternatives development step of the risk management process generates options for decision-makers to consider before deciding on which option to implement. DHS Risk Lexicon, September 2008
1. (I) The process of identifying, measuring, and controlling (i.e., mitigating) risks in information systems so as to reduce the risks to a level commensurate with the value of the assets protected. (See: risk analysis.)
2. (I) The process of controlling uncertain events that may affect information system resources.
3. (O) "The total process of identifying, controlling, and mitigating information system-related risks. It includes risk assessment; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission and constraints due to policy, regulations, and laws." [SP30]
[RFC4949:2007]
The Process responsible for identifying, assessing and controlling Risks. See Risk Assessment. [ITIL:2007]
The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. [FIPS-200:2006]
The total process of identifying, controlling, and mitigating information technology related risks. It includes risk analysis; cost-benefit analysis; and the selection, implementation, test, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission/business and constraints due to policy, regulations, and laws. [NIST-SP800-33:2001]
The identification, assessment, and mitigation of probabilistic security events (risks) in information systems to a level commensurate with the value of the assets protected. [CIAO:2000]
A security philosophy which considers actual threats, inherent vulnerabilities, and the availability and costs of countermeasures as the underlying basis for making security decisions (JSCR 1994). http://www.ioss.gov/docs/definitions.html
Risk management includes RIDM and CRM in an integrated framework. This is done in order to foster proactive risk management, to better inform decision making through better use of risk information, and then to more effectively manage implementation risks by focusing the CRM process on the baseline performance requirements emerging from the RIDM process. NASA Risk Management Handbook, NASA/SP-2011-3422, Version 1.0, November 2011
coordinated activities to direct and control an organization with regard to risk [ISO Guide 73:2009]
set of elements establishing the foundations and organizational arrangements governing the design, implementation, monitoring, review and continual improvement of risk management throughout the organization [ISO Guide 73:2009]
systematic application of management policies, procedures and practices to the activities of communication, consultation and establishing the context, as well as to the activities of identifying, analysing, evaluating, treating, monitoring and reviewing risks [ISO Guide 73:2009]
Process responsible for identifying, assessing and controlling risks. See Risk Assessment. [ITIL:2007]
Related topics