The IT Law Wiki

Risk tolerance


Definitions

Risk tolerance (or risk threshold) is

[t]he level of risk an entity is willing to assume in order to achieve a potential desired result.[1]
[t]he criteria against which stakeholders evaluate a risk. Different risk tolerances may be defined for each risk, risk category, or combination of risks. Exceeding a risk threshold is a condition that triggers some action.[2]
[t]he organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives.[3]
[t]he defined impacts to an enterprise's information systems that an entity is willing to accept.[4]

Overview

"Risk tolerance affects all components of the risk management process — having a direct impact on the risk management decisions made by senior leaders/executives throughout the organization and providing important constraints on those decisions."[5]

"Risk tolerance can be influenced by legal or regulatory requirements."[6]

References

  1. NIST Special Publication 800-32.
  2. California Office of Systems Integration, Definitions (full-text).
  3. NIST Special Publication 800-160, at B-9.
  4. CNSSI 4009.
  5. NIST Special Publication 800-39, at 14.
  6. NIST Special Publication 800-160, at B-9.
