Risk Treatment

From CIPedia
Jump to: navigation, search

Definitions

European Definitions

ENISA

Risk treatment is the process of selection and implementation of measures to modify risk (refers to ISO/IEC Guide 73). [1]

Other International Definitions

National Definitions

Argentina

Tratamiento de Riesgos: Proceso de selección e implementación de medidas para modificar el riesgo. [2]


Australia

Risk treatment is the selection and implementation of appropriate options for dealing with risk. [3]



Czech Republic

Zvládání rizika, ošetření rizika: proces pro modifikování (změnu) rizika. [4]

Risk treatment is the process to modify (change) a risk. [5]


Kingdom of Saudi Arabia

Risk treatment: A process to modify risk that can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed decision. Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) [6]


Kiribati

Totokoan te kanganga: Te taeka ae ti tebo naba nanona ma “adaptation”. [7]

Risk treatment: This is another term for “Adaptation”.


Luxembourg

Traitement des risques: Processus destiné à modifier un risque [8]


Netherlands

[Dutch] Riscobehandeling is het proces waarbij risico’s worden weggenomen en de kans of het effect ervan wordt beperkt. [9]


United Kingdom

Risk treatment is the process of determining those risks that should be controlled (by reducing their likelihood and/or putting impact mitigation measures in place) and those that will be tolerated at their currently assessed level. [10]



Standard Definition

ISO/IEC 27000:2014

Process to modify risk. [11](based on the ISO Guide 73:2009 [12])

Risk treatment can involve:

  • avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
  • taking or increasing risk in order to pursue an opportunity;
  • removing the risk source;
  • changing the likelihood;
  • changing the consequences;
  • sharing the risk with another party or parties (including contracts and risk financing) (see Risk Transfer); and
  • retaining the risk by informed choice.

Risk treatments that deal with negative consequences are sometimes referred to as “Risk Mitigation”, “Risk Elimination”, “Risk Prevention” and “Risk Reduction”.

Risk treatment can create new risks or modify existing risks.

See also

Notes

  1. ENISA Risk Glossary
  2. Oficina Nacional de Tecnologías de Información ADMINISTRACION PUBLICA NACIONAL Disposición 3/2013 - Apruébase la “Política de Seguridad de la Información Modelo” (2013)
  3. Australian Emergency Management Glossary, Emergency Management Australia (1998)
  4. Výkladový slovník kybernetické bezpečnosti (2013)
  5. Výkladový slovník kybernetické bezpečnosti (2013)
  6. Cyber Security Framework Saudi Arabian Monetary Authority Version 1.0 May 2017
  7. Kiribati BI-LINGUAL GLOSSARY OF CLIMATE CHANGE TERMS, Original translations by Dr Temakei Tebano & Etita Teiabauri, 2008
  8. https://cybersecurite.public.lu/fr/glossaire.html Glossaire]
  9. Risicobeoordeling 16.0: Een kansrijk kader; Theorie achter het risicomanagementproces en leidraad voor risicobeoordeling, June 2015
  10. UK Civil Protection Lexicon 2013
  11. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
  12. ISO Guide 73:2009 Risk management -- Vocabulary