Definitions[]
General[]
Risk analysis is
| “ | [t]he process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. [It is p]art of risk management and synonymous with risk assessment.[1] | ” |
| “ | [a]n analysis of threats and loss potential for an ADP facility leading to an estimate of annual loss and selection of remedial measures.[2] | ” |
| “ | [t]he evaluation of risks and risk interactions to assess the range of possible project outcomes. The determination of which risk events warrant response.[3] | ” |
| “ | [a] method by which individual vulnerabilities are compared to perceived or actual security threat scenarios in order to determine the likelihood of compromise of critical information.[4] | ” |
Risk analysis is the "systematic examination of the components and characteristics of risk."[5]
Medical device[]
Risk analysis is the "[i]nvestigation of available information to identify hazards and to estimate risks.[6]
Overview[]
"In practice, risk analysis is generally conducted to produce a risk assessment. Risk analysis can also involve aggregation of the results of risk assessments to produce a valuation of risks for the purpose of informing decisions. In addition, risk analysis can be done on proposed alternative risk management strategies to determine the likely impact of the strategies on the overall risk."[7]
References[]
- ↑ NIST Special Publication 800-33, at 21.
- ↑ NIST, FIPS 31.
- ↑ California Office of Systems Integration, Definitions (full-text).
- ↑ Glossary of Security Terms, Definitions, and Acronyms, at 209.
- ↑ DHS Risk Lexicon, at 27.
- ↑ Off-The-Shelf Software Use in Medical Devices, at 4.
- ↑ Id.