User:Tule-hog/Risk diaries
There should be a WikiProject Risk Management - the articles are scattered and of highly varying quality, lacking definitional and structural cohesion. Perhaps it could be a subproject of a wider WikiProject Security (might help with CompSec scope creep). Should be made useful somehow to WikiProject Risk.
It should be concerned with business/enterprise/institutional/organizational risk management, as opposed to the (already defined via WikiProject Disaster Management) more societal/governmental emergency management (sometimes called disaster management, however there is the confusing terminology of BCDR which uses 'disaster' to specifically distinguish IT assets) - although there is plenty of overlap.
How to start?
[edit]Back to basics, similar to Wikiversity:Risk Management.
According to ISO 31000, "the purpose of risk management is the creation and protection of value."[1]
- Compare with business operations, "the harvesting of value from assets owned by a business." With this it would seem even business operations are subsumed by a properly scoped risk management framework.
Further
[edit]Perhaps seeing all the content next to each other will help - obviously a WikiProject would do this with tags.
Amassing
[edit](serious scope creep from too much CompSec)
Articles
[edit]- Risk
- Threat
- Vulnerability
- Exploit
- Failure
- Incident
- Security
- Outline of computer security
- Security control
- Security policy
- Security level
- Security software
- Cyber security regulation
- IT security
- Data security
- Security convergence
- Physical security
- Information security
- Information security indicators
- Information security policy (doesn't link anywhere meaningful)
- Information security standards
- Security orchestration
- Intelligence
- Mitigation
- Enterprise
- Business
- Outline of business
- BCDR, which references BCP and DR
- Business impact analysis
- Business process
- Business operations
- Change control
- Continuous monitoring
- Information architecture
- Enterprise architecture
- Information design
- Governance framework
- Risk management framework (links to the NIST framework, should be made a general article)
- Computer security model
- Backup
- Critical systems
- Mission critical
- Dependability
- Downtime
- Mean time between failure (feels like mean-time articles need collecting)
- Mean time to repair
- Mean time to first failure
- Mean down time
- Failing badly
- Indicator of compromise
- Authentication
- Validation and verification
- Proactive cyber defense
- Computer emergency response team
- Lateral movement (cybersecurity)
- Data architecture
- Decision support system
- Content management system
- System integration
- CIA triad
- Separation of mechanism and policy
- Protection mechanisms
- Enforcement
- Computer standards
- Security standards
Theories
[edit]Practices
[edit]- Management
- Risk management
- Asset management
- Content management
- Document management
- Data management (great topics section)
- Knowledge management
- Ignorance management
- Information management
- IT management
- Vulnerability management
- Threat management
- Strategic management
- Security management
- Change management
- Change management (engineering)
- Change management (ITSM) (looks to have been gutted via vandalism, fix this)
- Decision management
- Incident management (Incident response redirects here, but could be an article or at least section)
- Computer security incident management
- Incident management (ITSM) (looks to have been gutted via vandalism, fix this)
- Identity management
- Problem management (looks to have been gutted via vandalism, fix this)
- Human resources management
- Records management
- Administration
- Governance
- Business governance (article poorly distinguishes between Corporation and Business)
- Risk governance
- Data governance
- Information governance
- IT governance
- Internet governance
- Website governance
- Project governance
- Security governance
- Engineering
- Forensics
- Operations, administration, and management
- Governance, risk management, and compliance
Categories
[edit]References
[edit]- ^ "4 Principles". ISO 31000:2018 — Risk management — Guidelines. Feb 2018.