Term:Risk Assessment

From FISMApedia

CNSSI 4009

Risk Assessment - Process of analyzing threats to and vulnerabilities of an IS, and the potential impact resulting from the loss of information or capabilities of a system. This analysis is used as a basis for identifying appropriate and cost-effective security countermeasures.

DoD 8580.02-R

Risk Assessment - For the purpose of this Regulation, risk assessment is the process of analyzing threats to and vulnerabilities of an information system, and the potential impact resulting from the loss of information or capabilities of a system. This analysis is used as a basis for identifying appropriate and cost-effective security countermeasures. DL1.46.

DoDI 8100.03

Risk Assessment - Process of analyzing threats to, and vulnerabilities of, an IT system, and the potential impact that the loss of information or capabilities of a system would have on national security. The resulting analysis is used as a basis for identifying appropriate and effective measures. E2.1.32.

DoDI 8551.01

Risk Assessment - A process of analyzing threats to, and vulnerabilities of, an IT system, and the potential impact that the loss of information or capabilities of a system would have on national security. The resulting analysis is used as a basis for identifying appropriate and effective measures (reference (f)). E2.1.16.

DSS Glossary

Risk Assessment - Written evaluation supporting the adjudicative process, especially when a significant exception to a Personnel Security Standard is being considered.

GAO-09-232G

Risk Assessment - The identification and analysis of possible risks in meeting the entity's objectives that forms a basis for managing the risks identified and implementing deterrents.

NIST IR 7298

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses. SOURCE: SP 800-53

NIST IR 7328 Draft

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals arising through the operation of the information system. Part of risk management, synonymous with risk analysis, incorporates threat and vulnerability analyses, and considers mitigations provided by planned or in-place security controls. [NIST SP 800-30, Adapted]

NIST IR 7497 Draft

Risk Assessment - To identify risks to HIE operations based on threats, assets, vulnerabilities, and probabilities of threat success. Security and Privacy Principles

NIST SP 800-123

Risk Assessment - The process of analyzing and interpreting risk.

NIST SP 800-18r1

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses. [NIST SP 800-30]

NIST SP 800-27rA

Risk Assessment - See risk analysis.

NIST SP 800-30

Risk Assessment - The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.

NIST SP 800-33

Risk Assessment - See risk analysis

NIST SP 800-37r1 Draft

Risk Assessment - The process of determining risks; that is, determining the extent to which an entity is threatened by potential, adverse circumstances or events. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF). Risk assessment for information system-related security risks includes assessment of the susceptibility to adverse impacts through information (e.g., consideration of dependence on information, vulnerabilities in mission and business processes, and effectiveness of risk mitigations) and assessment of the threat environment with regard to causing such impacts. Synonymous with risk analysis. [NIST SP 800-30, Revision 1]

NIST SP 800-37

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses. [NIST SP 800-30]

NIST SP 800-39 Draft 2

Risk Assessment - The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation resulting from the operation or use of an information system. Part of risk management, synonymous with risk analysis, incorporates threat and vulnerability analyses, and considers mitigations provided by planned or in-place security controls. [NIST SP 800-30, Adapted]

NIST SP 800-53A

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals arising through the operation of the information system. Part of risk management, synonymous with risk analysis, incorporates threat and vulnerability analyses, and considers mitigations provided by planned or in-place security controls. [NIST SP 800-30, Adapted]

NIST SP 800-53r1

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals arising through the operation of the information system. Part of risk management, synonymous with risk analysis, incorporates threat and vulnerability analyses, and considers mitigations provided by planned or in place security controls.

NIST SP 800-53r2

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals arising through the operation of the information system. Part of risk management, synonymous with risk analysis, incorporates threat and vulnerability analyses, and considers mitigations provided by planned or in place security controls. [NIST SP 800-30, Adapted]

NIST SP 800-53r3

Risk Assessment - The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.

NIST SP 800-82 Final Draft

Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.[NIST SP 800-30, Risk Management Guide for Information Technology Systems, July 2002.]

NSTISSI 1000

Risk Assessment - Process of analyzing threats to and vulnerabilities of an IS and the potential impact the loss of information or capabilities of a system would have on national security. The resulting analysis is used as a basis for identifying appropriate and cost-effective countermeasures.