Risk tolerance

Definitions[]

Risk tolerance (or risk threshold) is

“

[t]he level of risk an entity is willing to assume in order to achieve a potential desired result."^[1]

”

“

[t]he criteria against which stakeholders evaluate a risk. Different risk tolerances may be defined for each risk, risk category, or combination of risks. Exceeding a risk threshold is a condition that triggers some action.^[2]

”

“

[t]he organization's or stakeholder's readiness to bear the risk after risk treatment in order to achieve its objectives.^[3]

”

“

[t]he defined impacts to an enterprise's information systems that an entity is willing to accept.^[4]

”

Overview[]

"Risk tolerance affects all components of the risk management process — having a direct impact on the risk management decisions made by senior leaders/executives throughout the organization and providing important constraints on those decisions."^[5]

"Risk tolerance can be influenced by legal or regulatory requirements."^[6]

References[]

↑ NIST Special Publication 800-32.
↑ California Office of Systems Integration, Definitions (full-text).
↑ NIST Special Publication 800-160, at B-9.
↑ CNSSI 4009.
↑ NIST Special Publication 800-39, at 14.
↑ NIST Special Publication 800-160, at B-9.

[1] NIST Special Publication 800-32.

[2] California Office of Systems Integration, Definitions (full-text).

[3] NIST Special Publication 800-160, at B-9.

[4] CNSSI 4009.

[5] NIST Special Publication 800-39, at 14.

[6] NIST Special Publication 800-160, at B-9.

[1]

[2]

[3]

[4]

[5]

[6]