Risk management in participative web (2008)

Published in: Business, Economy & Finance

  1. Policies of the Use of Citizen Participative Services in the Context of Public Administrations
     Risk Management in Participative Web
     Miriam Ruiz - Fundación CTIC - miriam.ruiz@fundacionctic.org
  2. Index
     ● Introduction and Global View
     ● Services
     ● Methodology
     ● Dangers
     ● Risk Control
     ● Examples
  3. Introduction
  4. The Future of the Web
     ● Web 1.0: People connecting to the Web for Information: Unidirectional from the editors to the readers.
     ● Web 2.0: People connecting to People: social networks, wikis, collaboration, possibility of sharing.
     ● Web 3.0: Web applications connecting to other web applications to enrich people's experience.
  5. Advantages of Web 2.0
     ● Provides a meeting point for all agents involved in the smooth running of society
     ● Information sharing: knowledge, experiences, suggestions or complaints
     ● Active collaboration and greater protagonism and involvement of citizens
     ● Vehicle for providing new ideas to the Public Administration
     ● Collective generation and gathering of knowledge
     ● More transparency in the Public Administration
     ● Continuous improvement of public services
  6. Global View
  7. Goals
     ● Develop a methodology to extract the maximum benefit of the web 2.0 paradigm, minimizing its risks
     ● Have a knowledge as accurate as possible of the web 2.0 phenomenon and its consequences
     ● Obtain the highest signal/noise ratio possible from the information generated in a decentralized way
     ● Systematize the design of new web 2.0 services
  8. Participants
     ● Internal Staff: Contractual Relationship, indefinite stay
     ● Hired Staff: Contractual Relationship, temporary stay
     ● External People: No contractual relationship, they use the services provided
     ● Outsiders: No kind of relationship established
     ● Anonymous People: Unidentified
  9. Identification Level
     ● Absolute identification by direct means: ID Card, Passport or similar.
     ● Absolute identification by indirect means: Telephone number or similar.
     ● Weak identification (pseudonym): Alias, e-mail, OpenID or similar.
     ● Anonymous participation: There is nothing that can identify the person
  10. Authentication Level
     ● Biometric means: Biological Data
     ● Safe Network: Connection from a controlled Network (Intranet)
     ● Strong Authentication: e-ID, digital signature, etc.
     ● Intermediate Authentication: Private secret data
     ● Weak Authentication: Password
     ● No Authentication: No authentication
  11. Services
  12. Services
     ● Collective generation of information:
       − Blogs or Weblogs
         ● Other options: Microblogs or nanoblogs, photoblogs, videoblogs or vblogs
       − Discussion boards
       − Mailing lists
       − Wikis
       − Survey
       − Comments
       − Contests
  13. Services
     ● Multimedia Contents (photos, audio, video, flash, etc.):
       − Photo Album or gallery
       − Podcast
       − Video Podcast, Vidcast or Vodcast
     ● Collective Classification of Contents:
       − Evaluation
       − Tags, folksonomies and tag clouds
       − Classification systems based on reputation
  14. Services
     ● Information Export:
       − Content syndication (RSS, Atom)
       − Publishing of information in semantic formats (RDF, RDFa)
       − Open APIs
     ● Content Integration:
       − Blog aggregators, planets or metablogs
       − Mashups or hybrid web applications
  15. Services
     ● Relationships between people:
       − Chat or cybertalk
         ● Instant Messaging
         ● Web Conferences
         ● Audio and Video Conferences
         ● Virtual Worlds
       − Social Networks
     ● Commercial or Economic Exchanges
  16. Methodology
  17. Risk Management Process
     ● Definition of the Global Strategy
     ● Risk Identification
     ● Initial Risk Evaluation
     ● Planning of measures to reduce the risks
     ● New Risk Evaluation
     ● Risk Control (application of planned measures)
     ● Data Collection
     ● Periodic Review
  18. Risk Management Process
     (Diagram with the elements: Global Strategy, Data Collection, Risk Identification, Risk Control, Initial Risk Evaluation, Final Risk Evaluation, Definition of Measures to Control the Risks)
  19. Risk Calculation
     Risk = Probability x Impact
  20. Quantification of the Probability
     ● High: The hazardous event will happen regularly
     ● Medium: The hazardous event will happen from time to time
     ● Low: The hazardous event will occur rarely
     ● Null: It's extremely unlikely for the dangerous event to occur
  21. Quantification of the Impact
     ● Severe or extremely harmful event: The damage would be very important if the dangerous event happened
     ● Serious or harmful event: The damage would be considerable
     ● Mild or slightly harmful event: The damage would not be too important
     ● Harmless: There would be almost no damage even when the incident occurred
  22. Risk Quantification

     | Probability (danger) | Consequences (impact): Mild | Harmful   | Severe      |
     |----------------------|-----------------------------|-----------|-------------|
     | Low                  | Trivial                     | Tolerable | Moderate    |
     | Medium               | Tolerable                   | Moderate  | Important   |
     | High                 | Moderate                    | Important | Intolerable |

  23. Risk Evaluation
     Risk = Probability x Impact
     ● T: Trivial (No specific actions are required)
     ● TO: Tolerable (Improvements that do not imply a big cost. Regular checks)
     ● MO: Moderate (Efforts to reduce risk)
     ● I: Important (A new service shall not be started. Prioritize the solution of the problem if the service is already running)
     ● IN: Intolerable (Stop the service immediately)
  24. Dangers
  25. Dangers
     ● R01: Violation of personal privacy, honor or self-image of people
     ● R02: Revelation and disclosure of secrets or confidential information
     ● R03: Illegal contents or illegal advocacy of crime
     ● R04: Undesired contents or advocacy of undesired activities
     ● R05: Exchanges of attacks or insults
     ● R06: Threats
     ● R07: Continuous psychological harassment
     ● R08: Sexual harassment
     ● R11: Use of the platform for personal or business promotion
     ● R12: Negative advertisement or destructive or negative participation
     ● R13: Irrelevant matters or unrelated to the topic being treated (off-topic)
  26. Dangers
     ● R14: Low quality of the contributions
     ● R15: Spreading rumors and false information
     ● R16: Loss of confidence in the service
     ● R17: Loss of credibility of the institution
     ● R18: Forced participation of third parties
     ● R21: Violation of protection rights of personal data
     ● R22: Infringement of intellectual property rights of third persons
     ● R23: Impersonation
     ● R24: Violation of the protection rights of minors
     ● R25: Fraud
     ● R26: Deception or phishing
  27. Dangers
     ● R31: SPAM or unsolicited massive messages
     ● R32: Sabotage: malware, virus, trojans, spyware,...
     ● R33: Massive subscription
     ● R34: Massive theft of personal data
     ● R35: Accessibility problems
     ● R41: Low participation
     ● R42: Massive use of the service ("die of success")
     ● R43: Biased participation or restricted to a part of the population
     ● R44: Emergence of power groups
     ● R51: Inappropriate use in external information services
  28. Consequences
     ● Legal: Legal action that could be taken against the organization due to contents published by third persons
     ● Media or Image-related: Potential impact on the media of the contents published in the collaborative services
     ● Economic: Financial or monetary consequences that may affect the organization
     ● Technical: Potential problems of a technical nature that, involuntarily or on purpose, may be caused by other people with their participation
     ● Social: Related to the inherent quality of the service for users
  29. Risk Control
  30. Proactive or preventive measures
     ● Definition and information of the conditions of use of the services
     ● Information and appropriate management of personal data
     ● Terms of licensing of the information and published contents
     ● Adequate information to the users of the services
     ● Training the staff of the organization
     ● Collaboration with copyright management organizations
     ● Limiting the involvement of minors
     ● Moderation prior to publication of contents provided by third parties
     ● Automatic filtering based on the format or the content
     ● Use of captchas (semantic or accessible)
     ● Identification and authentication of participants
     ● Restrictions on access to the contents or to participation
     ● Dynamization and motivation from within the community
     ● Proper planning of the starting up of the services
  31. Reactive or corrective measures
     ● Removal or modification of already published content
     ● Direct participation in the service by the organization
     ● Collective moderation by the community itself
     ● Canceling of user accounts
     ● Denial of access to a service
     ● Definition of contingency plans
     ● Notification or formal complaints to competent authorities
  32. Supervision or monitoring
     ● Active surveillance of published contents by the organization
     ● Warning system to allow the community itself to alert of problems
     ● Availability of an email account for personalized alerts
     ● Active surveillance of impact and contents reuse in external services
     ● Automated mechanisms for review of the published contents
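  33. Examples (mailing lists)
  34. Example: Illegal Contents

     | Initial Probability (danger) | Initial Consequences (damage) | Initial Risk |
     |------------------------------|-------------------------------|--------------|
     | High                         | Harmful                       | Important    |

     | Measures Taken                                    | Probability | Consequences |
     |---------------------------------------------------|-------------|--------------|
     | Identification and authentication of participants | ↓           | =            |
     | Moderation based on user's reputation             | ↓           | =            |
     | Automatic filtering of contents                   | ↓           | =            |
     | Removal of the message                            | =           | ↓            |
     | Warnings from other users                         | =           | ↓            |

     | Final Probability (danger) | Final Consequences (damage) | Final Risk |
     |----------------------------|-----------------------------|------------|
     | Medium                     | Mild                        | Moderate   |

  35. Example: SPAM

     | Initial Probability (danger) | Initial Impact (damage) | Initial Risk |
     |------------------------------|-------------------------|--------------|
     | High                         | Mild                    | Moderate     |

     | Measures Taken                                    | Probability | Consequences |
     |---------------------------------------------------|-------------|--------------|
     | Identification and authentication of participants | ↓           | =            |
     | Moderation based on user's reputation             | ↓           | =            |
     | Automatic anti-SPAM filtering                     | ↓↓          | =            |
     | Removal of the message                            | =           | ↓            |
     | Warnings from other users                         | =           | ↓            |

     | Final Probability (danger) | Final Impact (damage) | Final Risk |
     |----------------------------|-----------------------|------------|
     | Low                        | Mild                  | Trivial    |

  36. Example: Low Participation

     | Initial Probability (danger) | Initial Consequences (damage) | Initial Risk |
     |------------------------------|-------------------------------|--------------|
     | High                         | Mild                          | Moderate     |

     | Measures Taken                                      | Probability | Consequences |
     |-----------------------------------------------------|-------------|--------------|
     | Identification and authentication of participants   | ↑           | =            |
     | Moderation based on user's reputation               | ↑           | =            |
     | Motivate users for participation                    | ↓           | =            |
     | Provide interesting contents from the organization  | ↓           | =            |
     | Publicize the list                                  | ↓           | =            |

     | Final Probability (danger) | Final Consequences (damage) | Final Risk |
     |----------------------------|-----------------------------|------------|
     | Medium                     | Mild                        | Tolerable  |
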
  37. Policies of the Use of Citizen Participative Services in the Context of Public Administrations
     Risk Management in Participative Web
     Miriam Ruiz - Fundación CTIC - miriam.ruiz@fundacionctic.org
  38. Authors
     ● Promoted and developed by:
       − Gobierno del Principado de Asturias - http://www.asturias.es
       − CTIC Centro Tecnológico - http://www.fundacionctic.org
     ● Members of the Working Group, in Alphabetical Order:
       − Eloy Braña Gundin (Principado de Asturias)
       − Chus García (Fundación CTIC)
       − Marc Garriga (Ayuntamiento de Barcelona)
       − Raquel Gisbert (Ayuntamiento de Barcelona)
       − Mª Carmen Herrera (Principado de Asturias)
       − Dolors Pou (Xperience Consulting)
       − Andrés Ramos Gil de la Haza (Bardají & Honrado Abogados)
       − José Luis Rodríguez (Principado de Asturias)
       − Miriam Ruiz González (Fundación CTIC)
  39. License
     All the contents included in this work belong to Fundación CTIC and are protected by the intellectual and industrial property rights granted by law. Their use, reproduction, distribution, public communication, availability, processing or any other similar or analogous activity is totally prohibited, except in the cases that are explicitly allowed by the license under which it is published. Fundación CTIC reserves the right to pursue legal action as appropriate against those who violate or infringe their intellectual property and / or industrial rights.
     This work is published under a Creative Commons license Attribution-ShareAlike 3.0 (CC-by-sa 3.0). To read the text of this license, visit http://creativecommons.org/licenses/by-sa/3.0/