Process to comprehend the nature of risk and to determine the level of risk.
Sources:
NIST SP 800-160 Vol. 2 Rev. 1 (from ISO Guide 73)
NIST SP 800-160v1r1 (from ISO Guide 73)
Overall process of risk identification, risk analysis, and risk evaluation.
Sources:
NIST SP 800-160 Vol. 2 Rev. 1 (under risk assessment, from ISO Guide 73)
NIST SP 800-160v1r1 (under risk assessment, from ISO Guide 73)
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.
Sources:
NIST SP 800-171r3 (under risk assessment, from NIST SP 800-30 Rev. 1)
NIST SP 800-172 (under risk assessment, from NIST SP 800-30 Rev. 1)
NIST SP 800-172A (under risk assessment, from NIST SP 800-30 Rev. 1)
NIST SP 800-37 Rev. 2 (under risk assessment, from NIST SP 800-30 Rev. 1)
NIST SP 800-53 Rev. 5 (under risk assessment, from NIST SP 800-39)
NIST SP 800-53A Rev. 5 (under risk assessment, from NIST SP 800-39)
The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.
Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Sources:
CNSSI 4009-2015 (under risk assessment, from NIST SP 800-39)
NIST IR 8323r1 (under risk assessment, from NIST SP 800-30 Rev. 1)
NIST IR 8441 (under risk assessment, from NIST SP 800-30 Rev. 1)
The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.
Sources:
NIST SP 1800-21C (under Risk Analysis)
Risk management includes threat and vulnerability analyses as well as analyses of adverse effects on individuals arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-53 Rev. 5 (under risk assessment, from NISTIR 8062 - Adapted)
NIST SP 800-53A Rev. 5 (under risk assessment, from NISTIR 8062 - Adapted)
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses and analyses of privacy problems arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-53B (under risk assessment, from NIST SP 800-39)
NIST IR 8401 (under risk assessment, from NIST SP 800-30 Rev. 1)
The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.
Sources:
NIST SP 1800-11B (under risk assessment, from NIST SP 800-30 Rev. 1)
NIST SP 1800-30B (under risk assessment, from NIST SP 800-30 Rev. 1)
NIST SP 1800-34B (under risk assessment, from NIST SP 800-30 Rev. 1)
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. A part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.
Sources:
NIST SP 800-160 Vol. 2 Rev. 1 (under risk assessment, from NIST SP 800-39 - adapted)
The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-188 (under risk assessment, from NIST SP 800-39)
The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Sources:
NIST SP 800-82r3 (under risk assessment, from NIST SP 800-39 - adapted)
The process of identifying risks to organizational operations (including mission, functions, images, and reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.
Sources:
NIST SP 800-175A (under risk assessment)
The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is part of risk management.
Sources:
NISTIR 4734 (under Risk Analysis)