(ITIL)

Risk Acceptance: A management decision to take no action to mitigate the impact of a particular risk. (BCI)

Risk Analysis: The quantification of threats to an organization and the probability of them being realized. (BCI)

Risk Appetite: Total amount of risk that an organization is prepared to accept, tolerate, or be exposed to at any point in time. (BCI)

Risk Assessment/Analysis: Process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities of a particular event. (DRJ)
International Glossary for Resiliency

Risk Avoidance: An informed decision to not become involved in or to withdraw from a risk situation. (BCI)

Risk Categories: Risks of similar types are grouped together under key headings, otherwise known as ‘risk categories’. These categories include reputation, strategy, financial, investments, operational infrastructure, business, regulatory compliance, outsourcing, people, technology and knowledge. (DRJ)

Risk Criteria: Terms of reference against which the significance of a risk is evaluated. (ISO 31000)

Risk Evaluation: Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable. (Australia AS NZS 5050)

Risk Management: Structured development and application of management culture, policy, procedures and practices to the tasks of identifying, analyzing, evaluating, controlling and responding to risk. (UAE Standard)

Risk Mitigation: Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process. (CNSSI-4009)

Risk Reduction: A selective application of appropriate techniques and management principles to reduce either probability of an occurrence or its impact, or both. (BCI)

Risk Tolerance: Organization’s readiness to bear the risk after risk treatments in order to achieve its objectives. [ISO/IEC Guide 73] ASIS Editor’s Note: Risk tolerance can be limited by legal or regulatory requirements. (ASIS)

Risk Transfer: A common technique used by risk managers to address or mitigate potential exposures of the organization. A series of techniques describing the various means of addressing risk through insurance and similar products. (DRJ)

Root Cause: The underlying or original cause of an incident or problem. (ITIL)

Root Cause Analysis (RCA): An activity that identifies the root cause of an incident or problem. RCA typically concentrates on IT infrastructure failures. (ITIL)
DRI International

S

Salvage: The recovery of personal effects, documentation, office, and computer equipment. (BCI)

Scenario: A pre-defined set of business continuity events and conditions that describe, for planning purposes, an interruption, disruption, or loss related to some aspect(s) of an organization’s business operations to support conducting a BIA, developing a continuity strategy, and developing continuity and exercise plans. DRJ Editor’s Note: Scenarios are neither predictions nor forecasts. (DRJ)

Scope: The boundary, or extent, to which a process, procedure, certification, contract etc. applies. (ITIL)

Secondary Site: A.