Difference between revisions of "Risk Appetite"
m |
|||
Line 1: | Line 1: | ||
+ | |||
{| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px" | {| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px" | ||
− | | '''1.''' [[Risk]] Appetite is amount and the type of [[Risk|risks]] that an [[Organization|organization]] is willing to take in or absorb. | + | |- |
− | + | | '''1.''' [[Risk|Risk]] Appetite is amount and the type of [[Risk|risks]] that an [[Organization|organization]] is willing to take in or absorb. <div class="thumb tright"> | |
− | <div class="thumb tright"> | ||
{{#ev:youtube|pdNrTuYXSNw|400}} | {{#ev:youtube|pdNrTuYXSNw|400}} | ||
− | </div> | + | </div> |
+ | <br/> Related Terms: [[Risk_Likelihood|Risk Likelihood]], [[Risk_Impact|Risk Impact]], [[Risk_Rating|Risk Rating]], [[Risk_Assessment|Risk Assessment]], [[Risk_Level|Risk Level]], [[Period_of_Disruption|Period of Disruption]]. | ||
− | + | '''''Notes (1)''''': During the [[Risk_Assessment|risk assessment]], there will be some risk that were identified to be too expensive to mitigate or the [[Risk_Likelihood|risk likelihood]] is too low or a combination of both. The level of risk that an organization is willing to accept should be based on the likely consequence of a certain risk occurring. | |
− | '''''Notes ( | + | '''''Notes (2)''''': Risk appetite varies from organization to organization as the level of risk that an organization is willing to take is dependence on the organization's nature of business and the [[Executive_Management|executive management]] team managing the organization. |
− | + | [[File:3D BCM Series Analyzing and Reviewing in the context of BCM Books.jpg|thumb|left|140px|Analysing And Reviewing The Risks For Business Continuity Planning ]] | |
+ | {{BcmBoK 2 CL 2B}}<br/> <br/> {{BcmBoK 2 CL 2C}}<br/> <br/> {{BcmBoK 2 CL 2D}} | ||
− | + | | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | '''''Courses''''' | ||
+ | *[http://www.bcm-institute.org/courses/analyzing-and-reviewing-risk-col-313 Attend: Classroom: Risk Analysis Courses] | ||
+ | *[https://www.bcm-institute.org/courses/business-continuity-management-courses-2/bcm-competency-courses/competency-level-300/bcm-310-assessing-risk-and-business-impact-requirements/ Attend: Classroom: Competency-based Risk Analysis Courses] | ||
+ | *[http://www.bcm-institute.org/courses/risk-analysis-and-review Attend: E-Learning: Risk Analysis module] | ||
+ | {{Bcm Institute Source}} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
|} | |} | ||
− | [[ | + | [[File:BCM Institute Risk Ratings and Levels.jpg|thumb|right|400px|BCM Institute Risk Ratings and Levels.jpg]] |
− | |||
− | |||
− | + | '''2.''' Amount and type of [[Risk|risk]] that an [[Organization|organization]] is willing to pursue or retain. | |
− | [[ | ||
− | [[ | ||
− | + | {{ISO 22301 Source}} - clause 3.49 | |
− | ''' | + | '''3.''' Total amount of risk that an [[Organization|organizationis]] prepared to accept, tolerate or be exposed to at any point in time.<br/> {{BS25999 Source}} |
− | + | '''4.''' Willingness of an [[Organization|organization]] to accept a defined level of risk. | |
− | + | {{BCI Source}} | |
− | + | {{ENISA Source}} | |
− | + | [[Category:BCM Institute Glossary]] [[Category:BCM Institute Crisis Management Glossary]] [[Category:BCM Institute DR Glossary]] [[Category:BcmBoK 2 CL 2B]] [[Category:BcmBoK 2 CL 2C]] [[Category:BcmBoK 2 CL 2D]] | |
− | |||
− |
Revision as of 07:38, 23 August 2017
1. Risk Appetite is amount and the type of risks that an organization is willing to take in or absorb.
Notes (1): During the risk assessment, there will be some risk that were identified to be too expensive to mitigate or the risk likelihood is too low or a combination of both. The level of risk that an organization is willing to accept should be based on the likely consequence of a certain risk occurring. Notes (2): Risk appetite varies from organization to organization as the level of risk that an organization is willing to take is dependence on the organization's nature of business and the executive management team managing the organization.
Courses
|
2. Amount and type of risk that an organization is willing to pursue or retain.
(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.49
3. Total amount of risk that an organizationis prepared to accept, tolerate or be exposed to at any point in time.
(Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)
4. Willingness of an organization to accept a defined level of risk.
(Source: Business Continuity Institute - BCI)
(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)