richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
iso27diy-corp/Corpus/Sparks/Risk appetite.md

15 lines
No EOL
876 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Risk appetite is "The types and amount of risk, on a broad level, an organization is willing to accept in its pursuit of value." [NIST](https://csrc.nist.gov/glossary/term/risk_appetite)
According to the PMBOK® Guide [(source)](http://cybersecurity-materiality.com/):
- Risk Tolerance is the _"specified range of acceptable results."_
- Risk Threshold is the _"level of risk exposure above which risks are addressed and below which risks may be accepted."_
- Risk Appetite is the _"degree of uncertainty an organization or individual is willing to accept in anticipation of a reward."_
Articulate the risk appetite to:
- help guide risk and reward decision-making
- help to embed the right risk culture
See [Topical InfoSec Kanbans](../Literature%20notes/Topical%20InfoSec%20Kanbans.md) for inspiration.
See also [Risk tolerance](../Sparks/Risk%20tolerance.md)
Reference in a new issue View git blame Copy permalink