Difference between revisions of "Risk Management"

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Latest revision as of 04:38, 3 November 2020

1. Risk Management or RM is the ongoing coordinated process of assessing the risk to mission/business as part of a risk-based approach used to determine adequate security for a system by analyzing the threats and vulnerabilities and selecting appropriate, cost-effective controls to achieve and maintain an acceptable level of risk.
[Figure: ISO31000 Risk Management Framework]

Note: It starts with the identification of assets to be protected.

Related Terms: Risk Likelihood, Risk Impact, Risk Level, Risk Rating, Risk Treatment, Risk Assessment.

BCMBoK Competency Level
BCMBoK 2: Risk Analysis & Review: CL 2B: Intermediate (BC); CL 2C: Intermediate (CM); CL 2D: Intermediate (DR)

(Source: Business Continuity Management Institute - BCM Institute)

2. Coordinated activities to direct and control an organization with regard to risk. [ISO Guide 73]

(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.51

3. Structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analysing, evaluating, and controlling responding to risk. (Source: AE/HSC/NCEMA 7000:2012)

4. Coordinated activities to direct and control an organization with regard to risk.

Notes (1): Risk management generally includes risk assessment, risk treatment, risk acceptance and risk communication.

(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.38

5. Coordinated activities to direct and control an organization with regard to risk (2.1). [ISO Guide 73:2009, definition 2.1]

(Source: ISO 31000:2009 – Risk Management — Principles and Guidelines) - clause 2.2

6. Structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analyzing, evaluating, and controlling responding to risk.

(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)

7. The culture, processes and structures that are put in place to effectively manage potential opportunities and adverse effects. As it is not possible or desirable to eliminate all risk, the objective is to implement cost effective processes that reduce risks to an acceptable level, reject unacceptable risks and treat risk by financial interventions i.e. transfer other risks through insurance or other means, or by organisational intervention i.e. BCM. (Source: Business Continuity Institute - BCI)

8. The culture, processes and structures that are directed towards realising potential opportunities while managing adverse effects.

(Source: HB 221:2004 Business Continuity Management)

9. The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects. (Source: Australia. A Practitioner's Guide to Business Continuity Management HB292 - 2006)

10. The identification, selection and adoption of countermeasures justified by the identified risks to assets in terms of their potential impact upon services if failure occurs, and the reduction of those risks to an acceptable level.

(Source: OGC, Information Technology Infrastructure Library (ITIL) v3)