Other International Definitions
Risk tolerance means the degree of exposure to security risk acceptable to policy makers/business owners. 
The willingness of an organization to accept or reject a given level of residual risk. 
Note: Risk tolerance may differ across an organization, but must be clearly understood by those making risk-related decisions.
Risk tolerance: The acceptable variation relative to performance to the achievement of objectives. 
(a) The level of risk an entity is willing to assume in order to achieve a potential desired result;
(b) The defined impacts to an enterprise's information systems that an entity is willing to accept.
The level of risk an entity is willing to assume in order to achieve a potential desired result. 
Risk Tolerance: Thresholds that reflect the organization’s level of risk aversion by providing levels of acceptable risk in each operational risk category that the organization has established. 
Organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives.
Risk Tolerance refers to a person's capacity to accept a certain amount of risk.
Note: the concept of risk tolerance is linked to the concept of Risk Perception.
- ITU Study Group Q.22/1, Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts, ITU-D Secretariat, Geneva (2008).
- All Hazards Risk Assessment Methodology Guidelines 2012-2013, Public Safety Canada.
- Cyber Security Framework, Saudi Arabian Monetary Authority, Version 1.0 (May 2017).
- DND Glossary of Cyber Security Terms (v.4).
- NISTIR 7298 Rev. 2: Glossary of Key Information Security Terms (May 2013).
- Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide (2016).
- ISO Guide 73:2009, Risk management -- Vocabulary.
- Campbell Institute (2014). Risk perception: Theories, strategies and next steps.