The IT Law Wiki

Risk tolerance


Definitions

Risk tolerance (or risk threshold) is

[t]he level of risk an entity is willing to assume in order to achieve a potential desired result.[1]
[t]he criteria against which stakeholders evaluate a risk. Different risk tolerances may be defined for each risk, risk category, or combination of risks. Exceeding a risk threshold is a condition that triggers some action.[2]
[t]he organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives.[3]
[t]he defined impacts to an enterprise's information systems that an entity is willing to accept.[4]

Overview

"Risk tolerance affects all components of the risk management process — having a direct impact on the risk management decisions made by senior leaders/executives throughout the organization and providing important constraints on those decisions."[5]

"Risk tolerance can be influenced by legal or regulatory requirements."[6]

References

  1. NIST Special Publication 800-32.
  2. California Office of Systems Integration, Definitions (full-text).
  3. NIST Special Publication 800-160, at B-9.
  4. CNSSI 4009.
  5. NIST Special Publication 800-39, at 14.
  6. NIST Special Publication 800-160, at B-9.
