Related concepts

assurance case
reasoned, auditable artefact created that supports the contention that its top-level claim (or set of claims), is satisfied, including systematic argumentation and its underlying evidence and explicit assumptions that support the claim(s)
event
occurrence or change of a particular set of circumstances
exploit
defined way to breach the security of information systems through vulnerability
exposure
extent to which an organization and/or stakeholder is subject to an event
harm
injury or damage to the health of people, or damage to property or the environment
hazard
potential source of harm
hazardous situation
circumstance in which people, property or the environment is/are exposed to one or more hazards
reasonably foreseeable misuse
use of a product or system in a way not intended by the manufacturer, but which can result from readily predictable human behaviour
residual risk
risk remaining after risk control measures have been implemented
risk
combination of the probability of occurrence of harm and the severity of that harm
risk analysis
systematic use of available information to identify hazards and to estimate the risk
risk assessment
overall process comprising a risk analysis and a risk evaluation
risk control
process in which decisions are made and measures implemented by which risks are reduced to, or maintained within, specified levels
risk estimation
process used to assign values to the probability of occurrence of harm and the severity of that harm
risk evaluation
process of comparing the estimated risk against given risk criteria to determine the acceptability of the risk
risk management
systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, controlling and monitoring risk
risk management file
set of records and other documents that are produced by risk management
risk tolerance
organization's or stakeholder's readiness to bear the risk after risk control in order to achieve its objectives
root cause
set of conditions or actions that occur at the beginning of a sequence of events that result in the initiation of a failure mode
severity
measure of the possible consequences of a hazard
threat
potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm
vulnerability
flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy
weakness
kind of deficiency
