Terms and definitions


Risk management


•     [ISO/IEC 17799:2000]

    Process of identifying, controlling and minimizing or eliminating security risks that may affect information systems, for an acceptable cost.

•     [ISO Guide 73:2002]

    Coordinated activities to direct and control an organization with regard to risk.

    NOTE: Risk management typically includes risk assessment, risk treatment, risk acceptance and risk communication.

•     [ISO/IEC TR 13335-1:2004]

    The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect IT system resources.