Words of Risk Analysis

This page is a compilation of definitions offered for various common risk terms as stated in whatever texts I come across. I will be adding these definitions to SARMA’s SARMA-Pedia periodically.

Risk Management

The identification, assessment, and mitigation of probabilistic security events (risks) in information systems to a level commensurate with the value of the assets protected [1]

Risk-Based Management

Risk management that considers unquantifiable, speculative events as well as probabilistic events (that is, uncertainty as well as risk) [1]

Vulnerability

A flaw in the security procedures, software, internal system controls, or implementation of a system of any type that may affect the integrity, confidentiality, accountability , and/or availability of data or services [1]

Vulnerability Assessment

An examination of the ability of a system’s current security procedures and controls to withstand assault [1]

Threat

Any circumstance or event that could harm a critical asset through unauthorized access, compromise of data integrity, disruption of service, or physical destruction or impairment [1]

References

Erbschloe, M. (2005). Physical Security for IT. Elsevier Digital Press. ISBN: 155558327X.

Calendar of Posts
January 2009

M T W T F S S

« Dec

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29 30 31
Recent Posts
McGill Archives
Blogroll
Meta
Tag Cloud
311 Array Background Knowledge book reviews Consequence Decision Analysis Decision Maker Defense Intelligence definitions Elements Of Thought Expression Homeland Security hurricane Gustav Hypotheses Hypothesis infrastructure protection Intelligence Intelligence Analysis Joint Probability Lt Mitigation Natural Disasters natural hazards new orleans Peter Sandman political risk political risk assessment probability risk risk analysis risk assessment risk communication Risk Management Assessment risk perception Risk Reduction Risk Risk scenarios security Security Professionals security risk analysis Security Risk Management Source Analysis SRA 311 Triplet Vulnerability abandoned writings (1)
abstracts (1)
academic papers (3)
actionable risk assessment (1)
actionable risk information (1)
actuary (1)
analysis software (1)
analytic confidence (1)
analytic standards (1)
Antiterrorism (1)
article review (2)
articles (1)
Bayes theorem (1)
Bayesian methods (1)
blog reviews (1)
book reviews (11)
Case Study (1)
Cern (1)
chinese papers (1)
comics (1)
commentary (2)
compliance (1)
conferences (1)
conflict early warning (1)
Consequences (1)
countermeasures (1)
Counterterrorism (1)
current events (1)
Cymbolism (1)
deception (1)
decision (1)
Decision Analysis (1)
descriptive (1)
deterrence (1)
education (1)
eight elements of thought (1)
election 08 (1)
electric power (1)
emergency management (1)
emerging threats (1)
engineering (1)
ethics (1)
expert elicitation (1)
extraterrestrial hazards (1)
extreme events (1)
future ideas (1)
generalized theory of uncertainty (1)
Gustav (3)
hurricanes (4)
IAFIE (1)
ideas (1)
infrastructure (1)
infrastructure protection (2)
insurance (1)
Intellectual Standards (1)
Intelligence (2)
Intelligence Analysis (7)
international research (1)
journals (2)
language (1)
lecture (8)
lectures (3)
meaningless graphs (1)
meterological events (1)
methodologies (6)
methodology (1)
miscellaneous (1)
natural hazards (8)
naval postgraduate school (1)
Ndic (1)
neat experiments (1)
old messages (1)
ontological uncertainty (1)
p-box (1)
paper review (2)
Penn State (1)
Peter Sandman (2)
physical security (1)
political risk (5)
prediction (1)
probability (1)
probability boxes (1)
prudential algebra (1)
Psychological Impact (1)
references (1)
regulations (1)
Resilience (1)
review (5)
risk acceptance (2)
risk analysis (39)
risk assessment (4)
risk books (2)
risk communication (4)
Risk Courses (1)
risk management (5)
risk perception (3)
risk philosophy (3)
risk words (2)
safety (1)
SARMA (2)
scenarios (2)
security (5)
security risk analysis (12)
security risk professional's bookshelf (4)
snow (1)
software (2)
solar storms (1)
Source Analysis (2)
speculative risk analysis (1)
speculative threats (1)
SRA 2008 (1)
SRA 311 (12)
standards (1)
structured analysis techniques (1)
study reviews (1)
surprise (1)
terrorism (2)
threat (2)
threat analysis (1)
tradecraft (1)
Uncategorized (28)
Uncertainty (2)
uncertainty words (1)
utility theory (1)
Vulnerability (2)
Vulnerability Assessment (4)
warning analysis (1)
Weather (1)
website reviews (2)
words of risk (6)
worst reasonable consequence (1)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.