Risk Assessment
1. Risk Assessment is the overall process of risk identification, risk analysis and risk evaluation.
Related Terms: Risk, Risk Appetite, Risk Likelihood, Risk Impact, Risk Rating, Risk Level, Period of Disruption, Risk Analysis and Review. Note: Risk Assessment is a process to show the assets, impact, likelihood of damage; estimate of the costs of recovery; summary of all possible control measures and their costs, and estimated probable savings from better protection.
|
{{#ev:youtube|iTlPl-yUtp0|350}}
2. Overall process of risk identification, risk analysis and risk evaluation. Template:Source: ISO Guide 73 (Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.50
3. Overall process of risk identification, analysis and evaluation.
(Source: AE/HSC/NCEMA 7000:2012) |
4. Overall process of risk identification, analysis and evaluation.
Notes (1) : Risk assessment involves the process of identifying internal and external threats and vulnerabilities, identifying the likelihood of an event arising from such threats or vulnerabilities, defining critical functions necessary to continue the organization's operations, defining the controls in place necessary to reduce exposure, and evaluating the cost of such controls.
(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.35
5. Overall process of risk identification (2.15), risk analysis (2.21) and risk evaluation (2.24)
[ISO Guide 73:2009, definition 3.4.1] (Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.14 |
6. Process of identifying internal and external threats and vulnerabilities, identifying the likelihood of an event arising from such threats or vulnerabilities, defining the critical functions necessary to continue an organization’s operations, defining the controls in place or necessary to reduce exposure, and evaluating the cost for such controls.
(Source: ASIS International - ASIS International)
7. An overall process of risk identification, analysis and evaluation.
(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management) |
Quantitative Assessment
8. A form of assessment that analyzes the actual numbers and values involved. This type of methodology typically applies mathematical and statistical techniques and modeling.
(Source: Business Continuity Institute - BCI)
9. A form of assessment that analyzes the general structures and systems currently in place. A descriptive methodology, which typically involves risk mapping and risk matrices. These assessments do not involve detailed measurements.
(Source: Business Continuity Institute - BCI) |