Search…
Overview
Index
References
Terminology*
Standards*
(ISC)2
Code of Ethics
CCSP
Concepts/Topics
Auditing
BC/DR*
Business
Cloud
Data
Forensics
IAM
Legal
Risk
Types of Risk
Risk Identification
Risk Management
Risk Response
Risk Controls
Software
Technology
Training
Laws
Argentina
Australia
Canada
EU/EEA
International
Russia
Switzerland
United States
Standards
Auditing and Assurance
Cloud Computing
Cloud Computing Reference Architecture
Data Center Design
Forensics
Privacy
Risk Management
Secure Architecture and Design
Secure Application Development
Security Management and Controls
Supply Chain
Models and Guidance
Application Risk Management
Cloud Computing
Cloud Computing Certification
Cloud Computing Risk Management
Security Management and Controls
Threat Models
Powered By GitBook
Risk

Terminology

Acronyms

Acronym
Definition
ERM
Enterprise Risk Management
KRI
Key Risk Indicator

Definitions

Asset

Anything of value to a company.

ERM

ERM includes managing overall risk for the organization, aligned to the organization’s governance and risk tolerance. Enterprise risk management includes all areas of risk, not merely those concerned with technology. It is the overall management of risk for an organization.

Exploit

An instance of compromise.

Natural Disasters

Natural disasters are a category of risks to cloud deployments that is based solely on geography and location. Regulatory violations are not always based on location. They can also be based on the type of industry.

Reputational Risk

Reputational risk is the loss of value of a brand or the ability of an organization to persuade.

Residual Risk

The risk that exists after controls have been implemented.

Risk Appetite

Risk appetite is the total risk that the organization can bear in a given risk profile, usually expressed in aggregate. Risk appetite is set by senior management and is the level, amount, or type of risk that the organization finds acceptable.
  • Organizations accept a level of risk that allows operations to continue in a successful manner.
  • It is legal and defensible to accept risks higher than the norm, or greater than your competitors, except risks to health and human safety; these risks must be addressed to the industry standard or whatever regulator motif to which your organization adheres.
As risk appetite or tolerance increases, so does the willingness to take greater and greater risks.

Risk Owners and Players

These are the individuals in the organization who together determine the organization's overall risk profile. For example, while one department may be willing to take moderately high risks in engaging cloud activities, another may have a lower risk tolerance. It is the aggregate of these individual tolerances that determines the organization's overall risk appetite.

Risk Profiles

The risk profile of the organization is a comprehensive analysis of the possible risks the organization is exposed to. It lists the identified risks and their potential effects.
The risk profile is determined by an organization's willingness to take risks as well as the threats to which it is exposed. The risk profile should identify the level of risk to be accepted, the way risks are taken, and the way risk-based decision making is performed. Additionally, the risk profile should take into account potential costs and disruptions should one or more risks be exploited.

Risk Tolerance

Risk tolerance is the level of risk that an organization can accept per individual risk.

Secondary Risk

When one risk response triggers another risk event. For example, a fire suppression system that displaces oxygen is a means to mitigate the original risk (fire) but adds a new risk (suffocating people).

Threat

Something that could cause loss to all or part of an asset.

Threat Agent

Something or someone that carries out the attack.

Total Risk

The risk that exists before any controls are implemented.
Concepts/Topics - Previous
Legal
Next
Types of Risk
Last modified 2yr ago
Export as PDF
Copy link
Outline
Terminology
Acronyms
Definitions