Showing posts with label assessment. Show all posts

10 April 2016

Strategic Management: Risk Assessment (Definitions)

"An evaluation of the risks and possible bad outcomes an organization faces and the likelihood these may occur." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"identifying and aggregating the risks facing the organization." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The overall process of risk identification, risk analysis, and risk evaluation." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"analyze assets’ value, identify threats and evaluate their vulnerability to those threats" (ITIL)

"the overall process of risk identification, risk analysis and risk evaluation" (ISO Guide 73:2009) 

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis." (NIST SP 800-137)

"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses." (NIST SP 800-18)

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system." (NIST SP 800-171)

25 March 2016

Strategic Management: Assessment (Definitions)

"Evaluation of an organization’s process performance capability against a model (e.g., Automotive SPICE PAM). The goal is the rating and improvement of processes (process capability)." (Lars Dittmann et al, "Automotive SPICE in Practice", 2008)

"(1) The comparison of the actual environment and data to requirements and expectations. (2) The first high-level step in the Information and Data Quality Improvement Cycle." (Danette McGilvray, "Executing Data Quality Projects", 2008)

"An appraisal that an organization does internally for the purposes of process improvement. The word assessment is also used in the People CMM in an everyday English sense (e.g., performance assessment)." (Sally A Miller et al, "People CMM: A Framework for Human Capital Management" 2nd Ed., 2009)

"A judgment about the implications of an influencer on either one or more means (such as particular courses of action) or one or more ends, such as particular desired results." (David C Hay, "Data Model Patterns: A Metadata Map", 2010)

"Activity of determination of quantitative or qualitative value of a product, service, activity, process in regard to given quality or acceptance criteria." (IQBBA, "Standard glossary of terms used in Software Engineering", 2011)

"Assessment is the process of evaluating or estimating the nature, ability, or quality of a thing. As a synonym for measurement, assessment implies the need to compare one thing to another in order to understand it. Assessment implies drawing a conclusion - evaluating - the object of the assessment (NOAD) whereas measurement does not always imply so." (Laura Sebastian-Coleman, "Measuring Data Quality for Ongoing Improvement", 2012)

"Evaluation of an organization's successful execution of processes and standards. For OPM3, various tools to assess organizational project management maturity exist in the marketplace with variations of granularity." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3)" 3rd Ed., 2013)

"The outcome of an evaluation of a process or event. Example: a scored exam constitutes an assessment of learning." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"A systematic evaluation process of collecting and analyzing data to determine the current, historical or projected compliance of an organization to a standard." (ASQ).

"inspection and analysis to check whether a standard or set of guidelines are being followed, that records are accurate, or that efficiency and effectiveness targets are being met" (ITIL)

12 February 2016

Strategic Management: Business Impact Analysis (Definitions)

"The process of delineating the functions most critical to the survival of a business." (Yvette Ghormley, "Business Continuity and Disaster Recovery Plans", 2009)

"A management-level analysis which identifies the impacts of losing company resources. The BIA measures the effect of resource loss and escalating losses over time, in order to provide senior management with reliable data on which to base decisions concerning risk mitigation and continuity planning." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"A method or exercise to determine the impact of losing the support or availability of a resource." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"Aims to (a) identify critical business processes, stakeholders, assets, resources and internal/external dependencies and (b) assesses and evaluates potential damages or losses at business level that may be caused by a threat to IT landscape." (Ulrich Winkler & Wasif Gilani, "Business Continuity Management of Business Driven IT Landscapes", 2012)

"A process used to analyze the business and identify critical functions and services. The BIA also helps the organization determine the cost impact of losing these functions and services. Organizations use the results as part of an overall business continuity plan." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"The identification of services and products that are critical to the organization." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The process of analysing activities and the effect that a business disruption might have upon them." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A functional analysis in which a team collects data, documents business functions, develops a hierarchy of business functions, and applies a classification scheme to indicate each individual function’s criticality level." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"The analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A business continuity management activity which is mainly intended for defining the core business functions, the recovery priorities regarding these functions and the corresponding time required for the resumption of each function." (Athanasios Podaras et al, "Regression-Based Recovery Time Predictions in Business Continuity Management: A Public College Case Study", 2021)

"Activity that identifies the VMF and their dependencies" (ITIL)

"An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption." (CNSSI 4009-2015)

10 April 2012

Project Management: Risk assessment (Definitions)

"Describes risks under the initial project plan and may indicate areas of needed risk management." (Timothy J Kloppenborg et al, "Project Leadership", 2003)

"A process to identify potential situations that could cause change to an effort from both internal and external forces, assign severity and priority ranks in order to determine overall risk, managing a situation or project to mitigate or minimize the occurrence of risk, and if the risk materializes, to minimize loss or damage." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

[Qualitative risk assessment:] "Mostly entirely subjective and therefore less accurate than quantitative risk assessments. However, their benefit is that they are much quicker to produce than the quantitative kind" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

[Qualitative risk assessments:] "these are subjective in nature, and are generally expressed in verbal terms such as ‘high’, ‘medium’ and ‘low’. This is not an ideal state of affairs, as it renders risk assessments unreliable, and should be grounded in more rigorously." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"An analysis of threats and vulnerabilities against assets. A risk assessment allows the risks to be prioritized." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A process used to quantitatively or qualitatively determine the risk associated with an actual or hypothesized system." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"The overall process of risk identification, risk analysis, and risk evaluation." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"analyze assets’ value, identify threats and evaluate their vulnerability to those threats" (ITIL)

"the overall process of risk identification, risk analysis and risk evaluation" (ISO Guide 73:2009) 

"The process of identifying and subsequently analyzing the identified project or product risk to determine its level of risk, typically by assigning likelihood and impact ratings." (ISTQB)

18 January 2010

Data Management: Accuracy (Definitions)

"(1) A qualitative assessment of correctness, or freedom from error. (2) A quantitative measure of the magnitude of error." (IEEE, "IEEE Standard Glossary of Software Engineering Terminology", 1990)

[accuracy (of measurement):] "Closeness of the agreement between the result of a measurement and a true value of the measurand." ("International Vocabulary of Basic and General Terms in Metrology", 1993)

"A qualitative assessment of freedom from error or a quantitative measure of the magnitude of error, expressed as a function of relative error." (William H Inmon, "Building the Data Warehouse", 2005)

"Accuracy is the closeness of a measured value to the true value." (Steve McKillup, "Statistics Explained: An Introductory Guide for Life Scientists", 2005)

"A data element’s degree of conformity to an established business measurement or definition. Data precision is the degree to which further measurements or definitions will show the same results." (Jill Dyché & Evan Levy, "Customer Data Integration: Reaching a Single Version of the Truth", 2006)

"Degree of conformity of a measure to a standard or a true value. Level of precision or detail." (Martin J Eppler, "Managing Information Quality" 2nd Ed., 2006)

"The accuracy reflects the number of times the model is correct." (Glenn J Myatt, "Making Sense of Data: A Practical Guide to Exploratory Data Analysis and Data Mining", 2006)

"An aspect of numerical data quality connected with a standard statistical error between a real parameter value and the corresponding value given by the data. Data accuracy is inversely proportional to this error." (Juliusz L Kulikowski, "Data Quality Assessment", 2009)

"An inherent quality characteristic that is a measure of the degree to which data agrees with an original source of data (such as a form, document, or unaltered electronic data) received from an acknowledged source outside the control of the organization." (David C Hay, "Data Model Patterns: A Metadata Map", 2010) [accuracy in regard to a surrogate source]

"An inherent quality characteristic that is a measure of the degree to which data accurately reflects the real-world object or event being described. Accuracy is the highest degree of inherent information quality possible." (David C Hay, "Data Model Patterns: A Metadata Map", 2010) [accuracy in regard to reality]

"Freedom from mistakes or error, conformity to truth or to a standard, exactness, the degree of conformity of a measure to a standard or true value." (Michael Brackett, 2011)

"The degree to which a data attribute value closely and correctly describes its business entity instance (the 'real life' entities) as of a point in time." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Accuracy is the quality or state of being correct or precise; accurate information is correct in all details (NOAD)." (Laura Sebastian-Coleman, "Measuring Data Quality for Ongoing Improvement", 2012)

"Within the quality management system, accuracy is an assessment of correctness." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"How closely a measurement or assessment reflects the true value. Not to be confused with precision [...]" (Kenneth A Shaw, "Integrated Management of Processes and Information", 2013)

"Accuracy is defined as a measure of whether the value of a given data element is correct and reflects the real world as viewed by a valid real-world source (SME, customer, hard-copy record, etc.)." (Rajesh Jugulum, "Competing with High Quality Data", 2014)

"Within the quality management system, accuracy is an assessment of correctness." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide)" 6th Ed., 2017)

"The degree to which the data reflect the truth or reality. A spelling mistake is a good example of inaccurate data." (Piethein Strengholt, "Data Management at Scale", 2020)

"The degree to which the semantic assertions of a model are accepted to be true." (Panos Alexopoulos, "Semantic Modeling for Data", 2020)

"The degree of how closely the data represents the true value of the attribute in the real-world context." (Zhamak Dehghani, "Data Mesh: Delivering Data-Driven Value at Scale", 2021)

"Closeness of computations or estimates to the exact or true values that the statistics were intended to measure." (SDMX) 

"The capability of the software product to provide the right or agreed results or effects with the needed degree of precision." (ISO/IEC 25000)

"The closeness of agreement between an observed value and an accepted reference value." (American Society for Quality)

"The term “accuracy” refers to the degree to which information accurately reflects an event or object described." (Precisely)
