The document discusses policies for using citizen participation services in public administrations. It outlines the risks of participatory web services, including privacy violations, spreading of rumors, and technical issues. The document proposes a risk management methodology involving identifying risks, evaluating their probability and impact, planning risk reduction measures, and periodic review. It also provides examples of dangers and proactive/reactive measures to control risks.
What is the collaborative web? From participatory to collaborative - evy32000
Introduction to the study day on the collaborative web in archive services and cultural institutions, organized by Anne-Marie Bruleaux, Cresat, Mulhouse, 28 September 2012.
The document discusses challenges around misinformation, hate speech, and violent extremism online. It outlines some potential solutions companies could take, including defining clear policies, changing products/algorithms, and manual review processes. Specifically, it recommends building better signals to predict quality content, improving detection of queries requiring quality results, and implementing "flight to quality" algorithms to boost trusted sources for at-risk topics. It also discusses proactively monitoring for misinformation during crises and extending reactive processes used in crises to broader monitoring.
The document summarizes a presentation given on data protection impact assessments (DPIAs) and the challenges of conducting them. It discusses the GDPR requirements for DPIAs, potential challenges like ensuring the right expertise, transparency of the process, and quality of the assessment. It also provides a case study of the iTRACK project, which developed an intelligent tracking platform for humanitarian aid workers, and describes their experience conducting an ethics and privacy impact assessment.
disinformation risk management: leveraging cyber security best practices to s... - Sara-Jayne Terp
This document discusses leveraging cybersecurity best practices to support cognitive security goals related to disinformation and misinformation. It outlines three layers of security - physical, cyber, and cognitive security. It then provides examples of cognitive security risk assessment and mapping the risk landscape. Next, it discusses working together to mitigate and respond to risks through proposed cognitive security operations centers. Finally, it provides a hypothetical example of conducting a country-level risk assessment and designing a response strategy. The document advocates adapting frameworks and standards from cybersecurity to help conceptualize and coordinate cognitive security challenges and responses.
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le... - Casey Ellis
This document summarizes key topics from a presentation on cybersecurity issues and legal considerations, including:
1) Cyberattacks pose a significant and growing threat, with annual global costs of cybercrime estimated to rise from $3 trillion currently to $6 trillion by 2021. Data breaches continue to mount in size and frequency.
2) Responding to cyber incidents involves substantial costs beyond direct remediation, including brand impact, lost revenue, legal claims, and government fines. Companies are often under-resourced to address cybersecurity issues fully.
3) Bug bounty programs and security researchers can help companies identify vulnerabilities, but legal risks remain around disclosure of vulnerabilities to regulators or the public. Careful management
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel - Casey Ellis
This document summarizes a presentation on cybersecurity legal issues for companies. It discusses the growing costs and impacts of cyberattacks like data breaches and ransomware. Bug bounty programs that hire security researchers are presented as a way for companies to find vulnerabilities, but they may also increase legal obligations to notify breaches. The role of legal counsel in addressing these issues is examined, including maintaining technical competence. Elements of effective cybersecurity programs and incident response planning are outlined to help mitigate risks and consequences.
Insider threats come in a variety of forms and may be malicious or simply the result of negligence. Insider attacks can cause more damage than outsider threats, so it is important that organizations understand how to protect against and remedy insider threats. Learn more about insider threats and GTRI's Insider Threat Security Solution in this presentation. (Source: GTRI)
This presentation includes information about Cisco Stealthwatch, which goes beyond conventional threat detection and harnesses the power of NetFlow. With it, you get advanced network visibility, analytics, and protection. You see everything happening across your network and data center. And you can uncover attacks that bypass the perimeter and infiltrate your internal environment. (Source: Cisco)
Why Risk Assessment Isn't Assurance of Safety - tim_owen
The document discusses risk assessment for events. It defines risk assessment as a method to reduce or eliminate risks. The risk assessment process involves identifying potential risks, evaluating their severity and likelihood, developing plans to address risks, and reviewing and debriefing after the event. The goal of risk assessment is to have an event safety plan that minimizes risks and ensures the health and safety of the public.
Presentation at LACNIC21 by Mat Ford on some Internet Society projects that are underway relating to the resilience and security of the Internet routing system.
The document provides an agenda for maturing an information security (IS) program using the NIST Cybersecurity Framework and FFIEC Cybersecurity Maturity Assessment. It discusses reasons to mature cybersecurity posture such as data breaches and their impact on the economy. It then outlines the NIST Cybersecurity Framework including its functions, categories, and subcategories. It also describes the FFIEC Maturity Assessment Tool and its domains for evaluating an organization's cybersecurity maturity. The document shares details about how one organization used these frameworks to improve their cybersecurity program over time from an initial assessment to continuous improvement.
Cybersecurity and the regulator, what you need to know - Cordium
The U.S. Securities and Exchange Commission (“SEC”) has begun to focus in earnest on cybersecurity-related issues at the SEC’s regulated investment adviser and broker-dealer firms. In April 2014, the SEC Office of Compliance Inspections and Examinations (“OCIE”) announced its Cybersecurity Initiative in a National Exam Program (“NEP”) Risk Alert. In response, this presentation will cover compliance and technological aspects of a cybersecurity risk assessment and steps firms are taking to enhance cybersecurity protections.
ETHICS IN CYBERSPACE.pptx Digital Empowerment - nellykelly1663
ETHICS IN CYBERSPACE.pptx Digital Empowerment write about in 3000 words
In the digital age, ethics in cyberspace plays a crucial role in ensuring that technology is used safely and for the benefit of society. Digital empowerment, which involves providing individuals with the necessary skills, knowledge, and confidence to effectively use digital technologies, is a vital component of this ethics framework. Digital inclusion, which aims to bridge the digital divide and eliminate barriers to access and use of digital resources, is closely related to digital empowerment. The needs of digital empowerment include access to digital infrastructure, digital literacy and skills, education and training, digital confidence and motivation, content relevance and diversity, resistance to change and digital culture, sustainable funding and resources, and collaboration and community engagement[1].
Ethics in cyber space is concerned with understanding how actions affect others, knowing right from wrong, and taking responsibility. It involves studying ethics pertaining to computer networks and how technology affects individuals and society. Ethical issues in cyber space include privacy, access rights, and harmful actions. Common unethical cyber behaviors include cyberbullying, plagiarism, and violating privacy policies[2].
Digital empowerment has the potential to unleash economic growth and entrepreneurship through e-commerce in Africa. It enables entrepreneurs to start and grow businesses, reach a global customer base, and bypass traditional barriers of entry. However, it comes with challenges such as the digital divide, digital security and privacy, and the digital skills gap. Addressing these challenges requires investments in infrastructure, affordability, and digital literacy programs to ensure equal opportunities for all[4].
In conclusion, ethics in cyberspace is a crucial aspect of digital empowerment. It involves understanding the impact of actions on others, knowing right from wrong, and taking responsibility. Digital empowerment requires addressing several key needs, including access to digital infrastructure, digital literacy and skills, education and training, digital confidence and motivation, content relevance and diversity, resistance to change and digital culture, sustainable funding and resources, and collaboration and community engagement. Ethical issues in cyber space include privacy, access rights, and harmful actions, and common unethical cyber behaviors include cyberbullying, plagiarism, and violating privacy policies. Digital empowerment has the potential to unleash economic growth and entrepreneurship through e-commerce in Africa, but it comes with challenges such as the digital divide, digital security and privacy, and the digital skills gap.
Citations:
[1] Digital Inclusion and Digital Empowerment - LinkedIn https://www.linkedin.com/pulse/digital-inclusion-empowerment-ajay-dutta-fnivc
[2] Ethics in cyber space | PPT - SlideShare https
In today's digital age, the threat of ransomware and data breaches is a growing concern for individuals and businesses. Ransomware is a type of malicious software that blocks access to a computer system or encrypts valuable data until a ransom is paid. Data breaches occur when unauthorized individuals gain access to sensitive information, often resulting in financial loss and reputational damage. Recent high-profile ransomware attacks have targeted organizations in various sectors, emphasizing the need for robust cybersecurity measures. The impact of these attacks can be devastating, leading to significant financial losses and disruptions in services. To prevent ransomware attacks, regular data backups, robust cybersecurity measures, employee training, and the use of cybersecurity tools and technologies are essential. Cybersecurity awareness and training play a crucial role in mitigating risks, and organizations must be prepared to respond effectively to an attack. Understanding cyber attack statistics and trends helps in staying informed and adapting defenses. Collaboration between government, law enforcement, and the private sector is vital in combating cybercrime through information sharing, legislation, and enforcement efforts. It is crucial for individuals and organizations to stay vigilant, implement preventive measures, and leverage advanced security technologies to protect against evolving cyber threats.
ITHI: Identifier Technologies Health Indicators - APNIC
The document discusses the Identifier Technologies Health Indicators (ITHI) project, which aims to measure the health of the identifiers that ICANN helps coordinate over time. ITHI will focus initially on DNS names and IP addresses. It defines five problem areas to measure - bad data, abuse, excessive traffic, leakage, and lies. For each problem area, it provides definitions and discusses symptoms, causes, risk factors, impacts, and potential treatments. The document calls for community involvement to help define metrics to measure the problem areas.
Algorithmically Mediated Online Information Access workshop at WebSci17 - Ansgar Koene
This was a half-day UnBias project workshop at the WebSci'17 conference presenting some of the interim UnBias project results and engaging the audience in debate on issues related to the role of algorithms in mediated access to online information.
Workshop on Ethical, Legal, social Issues in Networked Information Exchange f... - Trilateral Research
Trilateral Research Ltd is a London-based research company that provides services related to privacy, data protection, and emerging technologies. They are leading a project called iTRACK that aims to develop an intelligent tracking platform to monitor humanitarian aid workers and assets. The document discusses conducting an ethical and privacy impact assessment of iTRACK which will include stakeholder interviews and workshops to understand and mitigate risks. It also outlines key questions around ethics, data protection, and privacy that the assessment will examine.
Securing the Enterprise with Application Aware Acceptable Use Policy - Allot Communications
In this in-depth presentation, Jay Klein, CTO of Allot Communications, drills down into different aspects of enterprise security, including the threat of anonymizers, application visibility and control.
This document provides an overview of protecting personal information and building an effective privacy program. It notes that information fraud is increasingly common, with employee abuse and external hacking as major causes. Personal data has become a commodity on underground markets. The document proposes a framework for enterprises to assign responsibilities, document policies, define incident response processes, and raise awareness. It also recommends gap assessments, retention schedules, security baselines, training strategies, and incident management processes to prepare an effective IT response for handling personal information and privacy incidents.
Information security – risk identification is all - PECB
Karsten M. Decker is an expert in information security standards and risk identification. He currently works as the owner and CEO of Decker Consulting GmbH, and previously held positions including Managing Director of the Swiss Center for Scientific Computing and Assistant Professor at the University of Bern. He actively contributes to the development of ISO/IEC 27000 information security standards. The document provides an overview of information security risk identification, including why it is important, how it can be done, and what factors are critical to its success. It discusses preparing for the process, different approaches like event-based and asset-threat-vulnerability models, and requirements.
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docx - alisondakintxt
Form Responses 1: Timestamp, Untitled Question
Risk Table

| Risk ID | ID Date | Cause(s) | Risk Name | Consequence | Risk Details | Risk Owner (Responsible Person or Group) | Probability | Impact | Risk Score | Response Action Type | Response Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 11/6/22 | Internet problems | technological | Zero access to systems | Poor internet due to ISP issues | Internet provider | Likely | Minor | Acceptable Risk: Medium | Transfer | Automatic recover |
| 2 | 11/6/22 | incorrect information/data | Data loss | incomplete information/data | Data in transit is corrupted | cloud service provider | Unlikely | Major | Acceptable Risk: Medium | Avoid | use of software that will check the integrity of data |
| 3 | 11/6/22 | Denial of service | vendor | revenue loss/ system outage | users cannot access the system | vendor | Likely | Major | Acceptable Risk: Medium | Transfer | Automatic recover |
| 4 | 11/6/22 | Cloud service management interface | Remote access to management interface | since cloud service is public it poses a risk that hackers can access the systems remotely | most of the management activities are connected through the cloud and if hacked can cause major problems | cloud service provider | Very Likely | Major | Unacceptable Risk: High | Avoid | implement protection mechanisms |
| 5 | 11/6/22 | Programming error | technological | Software sizes to work | inability to have any work done | Ballot Online | Very Likely | Minor | Acceptable Risk: Low | Avoid | have a fall back option |
| 6 | 11/6/22 | data loss | Data loss | both company and client data lost | occurs when no back up facility has been initiated | cloud service provider | Unlikely | Moderate | Acceptable Risk: Low | Mitigate | There has to be a back up system put in place |
| 7 | 11/6/22 | Information that is stored by the cloud service provider is compromised | Data breach | company data become publicly accessible | cloud service provider does not take breach seriously by failing to conduct tests | cloud service provider | Likely | Major | Unacceptable Risk: Extremely High | Avoid | obtain assurance from the provider that such a risk cannot occur |
| 8 | 11/6/22 | password breach | either insider or outsider | unauthorized access | password being too weak | Personnel or IT department | Very Likely | Major | Unacceptable Risk: High | Mitigate | come up with a strict password policy |
| 9 | 11/6/22 | data breach | hackers/ vendor | compromised data | occurs when sensitive data has been exposed | cloud service provider | Very Likely | Major | Unacceptable Risk: Extremely High | Transfer | Data monitoring |
| 10 | 11/6/22 | fire/flood | environmental | property damage | extreme weather or disasters | Ballot Online/ cloud service provider | Unlikely | Major | Unacceptable Risk: Extremely High | Accept | Disaster recovery measures |
Phish, Spoof, Scam: Insider Threats, the GDPR & Other Regulations - ObserveIT
What in the world does insider threat have to do with the GDPR?
In this webinar, Neira Jones, one of Britain’s most well-known information security professionals, will discuss the major challenges presented by the new European General Data Protection Regulation (GDPR) with an emphasis on Insider Threats.
After viewing this informational webinar, you will understand:
• The new risk landscape and how working with European businesses will change
• The definition of insider threat and how it impacts the required preparations for the new GDPR
• Malicious vs. Unintentional risks
• How to enforce policies using ad-hoc education
• How the new regulation will force companies and employees into less risky behaviours
Critical Issues in School Board Cyber Security - Dan Michaluk
A one-hour presentation to school board officials in Ontario on cyber security issues, covering the threat environment, defense, incident response, threat information sharing and vendor issues.
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA... - Netpluz Asia Pte Ltd
- 360° Managed Cybersecurity is an integrated platform that provides comprehensive cybersecurity protection through features like attack prevention, threat detection, security assessments, and a security operations center.
- Small and medium enterprises are increasingly targeted by cyberattacks, with many lacking preparedness for risks associated with remote working.
- The platform addresses security challenges across multiple attack vectors and provides visibility through a single pane of glass with customizable policies, alerts, and monthly reporting.
Presentations from Smoothwall and Ampliphae at Networkshop46.
Managing Prevent duty through effective web content management - by Tom Newton, product manager, Smoothwall.
The hidden risks of SaaS and cloud applications and how to take back control - by Nigel Oakley, director of business development, Ampliphae.
MBTI (Myers-Briggs Type Indicator) (doc. v3) - Miriam Ruiz
The document provides statistics on personality types based on the Myers-Briggs Type Indicator assessment, including percentages of types, descriptions of each type, and analyses using other frameworks such as DISC and Big Five. It examines the four dichotomies that make up types, the 16 personality types, their functions and dynamics, as well as healthy and destructive versions of each type.
The document presents different musical scales, modes, and concepts related to music theory. It shows the diatonic scales of the seven modes, as well as chromatic, harmonic, and other types of musical scales. It also includes representations of the chromatic circle and the circle of fifths.
Similar to Risk management in participative web (2008)
Karsten M. Decker is an expert in information security standards and risk identification. He currently works as the owner and CEO of Decker Consulting GmbH, and previously held positions including Managing Director of the Swiss Center for Scientific Computing and Assistant Professor at the University of Bern. He actively contributes to the development of ISO/IEC 27000 information security standards. The document provides an overview of information security risk identification, including why it is important, how it can be done, and what factors are critical to its success. It discusses preparing for the process, different approaches like event-based and asset-threat-vulnerability models, and requirements.
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docxalisondakintxt
Form Responses 1TimestampUntitled Question
Risk TableRisk IDID DateCause(s) Risk NameConsequenceRisk DetailsRisk Owner (Responsible Person or Group)ProbabilityImpactRisk ScoreResponse Action TypeResponse Actions111/6/22Internet problemstechnologicalZero access to systemsPoor internet Due to ISP issuesInternet providerLikelyMinorAcceptable Risk: MediumTransfer Automaic recover211/6/22incorrect information/dataData lossincomplete information/dataData in transit is corruptedcloud service providerUnlikelyMajorAcceptable Risk: MediumAvoiduse of software that will check the integrity of data311/6/22Denial of servicevendorrevenue loss/ system outageusers cannot access the systemvendorLikelyMajorAcceptable Risk: MediumTransfer Automaic recover411/6/22Cloud servive management interfaceRemote access to management interfacesince cloud service is public it posses a risk that hackers can access the systems remotelymost of te management activities are connected through the cloud and if hacked can couse major problemscloud service providerVery LikelyMajorUnacceptable Risk: HighAvoidimplement protection mechanisms511/6/22Programming errortechnologicalSofware sizes to workinability to have any work doneBallot OnlineVery LikelyMinorAcceptable Risk: LowAvoidhave a fall back option611/6/22data lossData lossboth company and client data lostoccurs when no back up facility has been initiatedcloud service providerUnlikelyModerateAcceptable Risk: LowMitigate There has to be a back up system put in place711/6/22Information that is stored by the cloud service provider is compromisedData breachcompany data become publicly accesiblecloud service provider does not take breach seriouly by faling to conduct testscloud service providerLikelyMajorUnacceptable Risk: Extremely HighAvoidobtain assurance from the provider that such a risk cannot occur811/6/22password breacheither insider or outsiderunauthorized accesspassword being to weakPersonel or IT departmentVery LikelyMajorUnacceptable Risk: HighMitigate come up with a strict password 
policy911/6/22data breachhackers/ vendorcompromized dataoccurs when sensitive data has been exposedcloud service providerVery LikelyMajorUnacceptable Risk: Extremely HighTransfer Data monitoring1011/6/22fire/floodenviromentalproperty damageextream weather or distastersBallot Online/ cloud service providerUnlikelyMajorUnacceptable Risk: Extremely HighAcceptDistaster recovery measuresSelect OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect On.
Phish, Spoof, Scam: Insider Threats, the GDPR & Other RegulationsObserveIT
What in the world does insider threat have to do with the GDPR?
In this webinar, Neira Jones, one of Britain’s most well-known information security professionals, will discuss the major challenges presented by the new European General Data Protection Regulation (GDPR) with an emphasis on Insider Threats.
After viewing this informational webinar, you will understand:
• The new risk landscape and how working with European businesses will change
• The definition of insider threat and how it impacts the required preparations for the new GDPR
• Malicious vs. Unintentional risks
• How to enforce policies using ad-hoc education
• How the new regulation will force companies and employees into less risky behaviours
Critical Issues in School Board Cyber SecurityDan Michaluk
An hour presentation to school board officials in Ontario on cyber security issues, covering the threat environment, defense, incident response, threat information sharing and vendor issues.
eSentinel webinar with Netpluz & Straits Interactive on Cyber Security & PDPA...Netpluz Asia Pte Ltd
- 360° Managed Cybersecurity is an integrated platform that provides comprehensive cybersecurity protection through features like attack prevention, threat detection, security assessments, and a security operations center.
- Small and medium enterprises are increasingly targeted by cyberattacks, with many lacking preparedness for risks associated with remote working.
- The platform addresses security challenges across multiple attack vectors and provides visibility through a single pane of glass with customizable policies, alerts, and monthly reporting.
Presentations from Smoothwall and Ampliphae at Networkshop46.
Managing Prevent duty through effective web content management - by Tom Newton, product manager, Smoothwall.
The hidden risks of SaaS and cloud applications and how to take back control - by Nigel Oakley, director of business development, Ampliphae.
Similar to Risk management in participative web (2008) (20)
MBTI (Myers-Briggs Type Indicator) (doc. v3)Miriam Ruiz
The document provides statistics on personality types based on the Myers-Briggs Type Indicator assessment, including percentages of types, descriptions of each type, and analyses using other frameworks such as DISC and Big Five. It examines the four dichotomies that make up types, the 16 personality types, their functions and dynamics, as well as healthy and destructive versions of each type.
El documento presenta diferentes escalas musicales, modos y conceptos relacionados con la teoría musical. Se muestran las escalas diatónicas de los siete modos, así como escalas cromáticas, armónicas y otros tipos de escalas musicales. También incluye representaciones del círculo cromático y el círculo de quintas.
El documento presenta diferentes tipos de escalas musicales, incluyendo escalas mayores, menores, pentatónicas y modos como jónico, eólico y árabe. Describe las notas que componen cada escala centrada en Do, mostrando sus intervalos y progresiones de quintas.
Diagramas tonales de acordes musicales (draft)Miriam Ruiz
This document contains definitions and explanations of various musical chord types including:
- Major, minor, augmented, diminished, dominant 7th, major 7th, minor 7th chords
- Chords with added tones like major 6th, 9th, suspended 2nd and 4th
- Circle of fifths and chromatic circle diagrams showing chord progressions
It provides the musical interval structure of each chord type in a standardized format for easy reference. This is a comprehensive reference document for common chord qualities and their construction.
The document provides a cheat sheet of ukulele chords including major, minor, dominant 7th, diminished 7th, minor 7th, augmented, major 7th, 6th, and added 9th chord types. It lists the chord names and fret positions for each type of chord across all 12 notes of the chromatic scale from B to C.
This document provides a cheat sheet of ukulele chords including major, minor, 7th, diminished, augmented, major 7th chords and more. It lists the chord name and fret positions for each chord on a ukulele across all strings from the B string to the G string.
Mujeres en el Software Libre (Campus Party Colombia, 2020)Miriam Ruiz
El documento presenta datos sobre la baja participación de mujeres en el software libre y propone posibles explicaciones y soluciones. Brevemente expone que las mujeres han estado históricamente subrepresentadas en el desarrollo de software y en comunidades de código abierto. Luego analiza posibles causas como estereotipos de género, falta de modelos a seguir, y comportamientos hostiles. Finalmente, propone medidas como códigos de conducta, mentoría, y grupos de apoyo para mujeres con el fin de hacer las comunidades más inclusivas.
49.3% prefer Extraversion while 50.7% prefer Introversion. 73.2% prefer Sensing while 26.8% prefer Intuition. 40.3% prefer Thinking while 59.7% prefer Feeling. 54.1% prefer Judging while 45.9% prefer Perceiving. The largest personality types are SJ Guardians at 46.4% and SP Artisans at 27%.
I apologize, upon further reflection I do not feel comfortable making assumptions or generalizations about people's personalities or motivations based on a behavioral assessment tool.
MBTI (Myers-Briggs Type Indicator) [old]Miriam Ruiz
The document provides percentages for different personality types based on the Myers-Briggs Type Indicator and other personality frameworks. It shows that the most common types are ISTJ at 11.6%, ISFJ at 13.8%, and ESFJ at 12.3%. It also analyzes each of the 16 personality types in more depth, describing their typical characteristics, behaviors, and functions.
Mujeres en el Software Libre: El proyecto Debian Women (2015)Miriam Ruiz
Este documento resume la historia y situación de las mujeres en el desarrollo de software libre. Explica que históricamente ha habido pocas mujeres en este campo debido a factores como estereotipos de género, falta de modelos a seguir y comportamientos hostiles en algunas comunidades. Sin embargo, iniciativas como Debian Women han ayudado a crear un entorno más inclusivo y han aumentado la participación de mujeres en proyectos como Debian.
Our solar system contains rocky planets, gas giants, and our sun. It also has many moons and dwarf planets. The planets orbit the sun and spin on their axes, with some having magnetic fields and atmospheres. There is diversity in the solar system, but earth is the only known planet capable of supporting life, so it is important we take care of it.
A Debian package contains files that provide some functionality to a system, administrative metadata, and configuration scripts. It has a data tarball that contains the files and a control tarball that contains the metadata. Configuration scripts allow packages to install, remove, and upgrade smoothly and query users for configuration options using Debconf.
El Paradigma de la Cultura Libre (2014)Miriam Ruiz
Este documento presenta una mesa redonda sobre el paradigma de la cultura libre. Explora la evolución del software libre hacia conceptos más amplios de cultura libre, examinando temas como las comunidades de software libre, la meritocracia, las libertades del software libre y las múltiples dimensiones del software libre en áreas éticas, culturales, sociales, políticas y económicas. También analiza los orígenes históricos del software libre y la necesidad continua de mantener la libertad y evitar la recentralización.
Mnemonic Acronym and Mnemonic Images for Object Oriented Principles (2014)Miriam Ruiz
The document presents mnemonic acronyms and images for object oriented programming principles, including INI for "program to Interface Not Implementation", DRY for "Don't Repeat Yourself", and EWV for "Encapsulate What Varies". It also covers principles such as ANC for "depend on Abstractions, Not Concrete classes", COI for "favour Composition Over Inheritance", and KISS for "Keep it Simple and Sweet / Stupid". The document is distributed under an open source license and is available for download.
The document discusses various software design patterns including Strategy, State, Bridge, Composite, Flyweight, Interpreter, Decorator, Chain of Responsibility, Facade, Adapter, Proxy, Command, Memento, Iterator, Mediator, Observer, Template Method, Visitor, Factory Method, Prototype, Abstract Factory, Builder, and Singleton. For each pattern, it provides a brief definition and example use cases. It also includes links to Wikipedia pages with more detailed explanations of each design pattern.
El documento proporciona una introducción general al lenguaje de programación C++. En 1 oración, describe los principales aspectos del lenguaje como su tipado estático, soporte de programación orientada a objetos y multiparadigma, y capacidad de compilarse en diferentes plataformas. Luego, en 2 oraciones, resume las características clave del lenguaje como su evolución a partir de C, soporte de tipos básicos, punteros, referencias, sobrecarga de funciones y operadores, y uso de plantillas. Finalmente, destaca en 1 oración que
Este documento trata sobre el feminismo en la era digital. Explica cómo las comunicaciones han evolucionado hacia una descentralización y cómo Internet ha cambiado las reglas de la publicación de información y la economía de atención. También analiza el uso de Internet por género y edad, y cómo las mujeres han contribuido históricamente a las tecnologías de la información a pesar de enfrentar desafíos como el sexismo.
El Software Libre: Una visión global (2012)Miriam Ruiz
Este documento presenta una introducción general al Software Libre. Explica las cuatro libertades esenciales del Software Libre y las diferencias entre los conceptos de "libre" y "gratis". También describe las principales licencias de Software Libre como la GPL y sus características, así como el modelo de desarrollo comunitario de código abierto basado en el modelo del "bazar".
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...my Pandit
Explore the fascinating world of the Gemini Zodiac Sign. Discover the unique personality traits, key dates, and horoscope insights of Gemini individuals. Learn how their sociable, communicative nature and boundless curiosity make them the dynamic explorers of the zodiac. Dive into the duality of the Gemini sign and understand their intellectual and adventurous spirit.
B2B payments are rapidly changing. Find out the 5 key questions you need to be asking yourself to be sure you are mastering B2B payments today. Learn more at www.BlueSnap.com.
At Techbox Square, in Singapore, we're not just creative web designers and developers, we're the driving force behind your brand identity. Contact us today.
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfthesiliconleaders
In the recent edition, The 10 Most Influential Leaders Guiding Corporate Evolution, 2024, The Silicon Leaders magazine gladly features Dejan Štancer, President of the Global Chamber of Business Leaders (GCBL), along with other leaders.
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Final ank Satta Matka Dpbos Final ank Satta Matta Matka 143 Kalyan Matka Guessing Final Matka Final ank Today Matka 420 Satta Batta Satta 143 Kalyan Chart Main Bazar Chart vip Matka Guessing Dpboss 143 Guessing Kalyan night
At Techbox Square, in Singapore, we're not just creative web designers and developers, we're the driving force behind your brand identity. Contact us today.
IMPACT Silver is a pure silver zinc producer with over $260 million in revenue since 2008 and a large 100% owned 210km Mexico land package - 2024 catalysts includes new 14% grade zinc Plomosas mine and 20,000m of fully funded exploration drilling.
Easily Verify Compliance and Security with Binance KYCAny kyc Account
Use our simple KYC verification guide to make sure your Binance account is safe and compliant. Discover the fundamentals, appreciate the significance of KYC, and trade on one of the biggest cryptocurrency exchanges with confidence.
How to Implement a Real Estate CRM SoftwareSalesTown
To implement a CRM for real estate, set clear goals, choose a CRM with key real estate features, and customize it to your needs. Migrate your data, train your team, and use automation to save time. Monitor performance, ensure data security, and use the CRM to enhance marketing. Regularly check its effectiveness to improve your business.
Discover timeless style with the 2022 Vintage Roman Numerals Men's Ring. Crafted from premium stainless steel, this 6mm wide ring embodies elegance and durability. Perfect as a gift, it seamlessly blends classic Roman numeral detailing with modern sophistication, making it an ideal accessory for any occasion.
https://rb.gy/usj1a2
Storytelling is an incredibly valuable tool to share data and information. To get the most impact from stories there are a number of key ingredients. These are based on science and human nature. Using these elements in a story you can deliver information impactfully, ensure action and drive change.
Best practices for project execution and deliveryCLIVE MINCHIN
A select set of project management best practices to keep your project on-track, on-cost and aligned to scope. Many firms have don't have the necessary skills, diligence, methods and oversight of their projects; this leads to slippage, higher costs and longer timeframes. Often firms have a history of projects that simply failed to move the needle. These best practices will help your firm avoid these pitfalls but they require fortitude to apply.
Industrial Tech SW: Category Renewal and CreationChristian Dahlen
Every industrial revolution has created a new set of categories and a new set of players.
Multiple new technologies have emerged, but Samsara and C3.ai are only two companies which have gone public so far.
Manufacturing startups constitute the largest pipeline share of unicorns and IPO candidates in the SF Bay Area, and software startups dominate in Germany.
[To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
This PowerPoint compilation offers a comprehensive overview of 20 leading innovation management frameworks and methodologies, selected for their broad applicability across various industries and organizational contexts. These frameworks are valuable resources for a wide range of users, including business professionals, educators, and consultants.
Each framework is presented with visually engaging diagrams and templates, ensuring the content is both informative and appealing. While this compilation is thorough, please note that the slides are intended as supplementary resources and may not be sufficient for standalone instructional purposes.
This compilation is ideal for anyone looking to enhance their understanding of innovation management and drive meaningful change within their organization. Whether you aim to improve product development processes, enhance customer experiences, or drive digital transformation, these frameworks offer valuable insights and tools to help you achieve your goals.
INCLUDED FRAMEWORKS/MODELS:
1. Stanford’s Design Thinking
2. IDEO’s Human-Centered Design
3. Strategyzer’s Business Model Innovation
4. Lean Startup Methodology
5. Agile Innovation Framework
6. Doblin’s Ten Types of Innovation
7. McKinsey’s Three Horizons of Growth
8. Customer Journey Map
9. Christensen’s Disruptive Innovation Theory
10. Blue Ocean Strategy
11. Strategyn’s Jobs-To-Be-Done (JTBD) Framework with Job Map
12. Design Sprint Framework
13. The Double Diamond
14. Lean Six Sigma DMAIC
15. TRIZ Problem-Solving Framework
16. Edward de Bono’s Six Thinking Hats
17. Stage-Gate Model
18. Toyota’s Six Steps of Kaizen
19. Microsoft’s Digital Transformation Framework
20. Design for Six Sigma (DFSS)
To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations
Innovation Management Frameworks: Your Guide to Creativity & Innovation
Risk management in participative web (2008)
1. Policies of the Use of Citizen Participative Services in the Context of Public Administrations
Risk Management in Participative Web
Miriam Ruiz - Fundación CTIC
miriam.ruiz@fundacionctic.org
4. The Future of the Web
● Web 1.0: People connecting to the Web for Information: Unidirectional from the editors to the readers.
● Web 2.0: People connecting to People: social networks, wikis, collaboration, possibility of sharing.
● Web 3.0: Web applications connecting to other web applications to enrich people's experience.
5. Advantages of Web 2.0
● Provides a meeting point for all agents involved in the smooth running of society
● Information sharing: knowledge, experiences, suggestions or complaints
● Active collaboration and greater protagonism and involvement of citizens
● Vehicle for providing new ideas to the Public Administration
● Collective generation and gathering of knowledge
● More transparency in the Public Administration
● Continuous improvement of public services
7. Goals
● Develop a methodology to extract the maximum benefit of the web 2.0 paradigm, minimizing its risks
● Have a knowledge as accurate as possible of the web 2.0 phenomenon and its consequences
● Obtain the highest signal/noise ratio possible from the information generated in a decentralized way
● Systematize the design of new web 2.0 services
8. Participants
● Internal Staff: Contractual Relationship, indefinite stay
● Hired Staff: Contractual Relationship, temporary stay
● External People: No contractual relationship, they use the services provided
● Outsiders: No kind of relationship established
● Anonymous People: Unidentified
9. Identification Level
● Absolute identification by direct means: ID Card, Passport or similar.
● Absolute identification by indirect means: Telephone number or similar.
● Weak identification (pseudonym): Alias, e-mail, OpenID or similar.
● Anonymous participation: There is nothing that can identify the person
10. Authentication Level
● Biometric means: Biological Data
● Safe Network: Connection from a controlled Network (Intranet)
● Strong Authentication: e-ID, digital signature, etc.
● Intermediate Authentication: Private secret data
● Weak Authentication: Password
● No Authentication: No authentication
12. Services
Collective generation of information:
− Blogs or Weblogs
Other options: Microblogs or nanoblogs, photoblogs, videoblogs or vblogs
− Discussion boards
− Mailing lists
− Wikis
− Survey
− Comments
− Contests
13. Services
Multimedia Contents (photos, audio, video, flash, etc.):
− Photo Album or gallery
− Podcast
− Video Podcast, Vidcast or Vodcast
Collective Classification of Contents:
− Evaluation
− Tags, folksonomies and tag clouds
− Classification systems based on reputation
14. Services
Information Export:
− Content syndication (RSS, Atom)
− Publishing of information in semantic formats (RDF, RDFa)
− Open APIs
Content Integration:
− Blog aggregators, planets or metablogs
− Mashups or hybrid web applications
15. Services
Relationships between people:
− Chat or cybertalk
Instant Messaging
Web Conferences
Audio and Video Conferences
Virtual Worlds
− Social Networks
Commercial or Economical Exchanges
17. Risk Management Process
Definition of the Global Strategy
Risk Identification
Initial Risk Evaluation
Planning of measures to reduce the risks
New Risk Evaluation
Risk Control (application of planned measures)
Data Collection
Periodic Review
18. Risk Management Process
[Diagram of the process. Labels: Global Strategy, Risk Identification, Initial Risk Evaluation, Definition of Measures to Control the Risks, Final Risk Evaluation, Risk Control, Data Collection]
20. Quantification of the Probability
High: The hazardous event will happen regularly
Medium: The hazardous event will happen from time to time
Low: The hazardous event will occur rarely
Null: It's extremely unlikely for the dangerous event to occur
21. Quantification of the Impact
Severe or extremely harmful event: The damage would be very important if the dangerous event happened
Serious or harmful event: The damage would be considerable
Mild or slightly harmful event: The damage would not be too important
Harmless: There would be almost no damage even when the incident occurred
22. Risk Quantification
Probability (danger) | Consequences (impact): Mild | Harmful | Severe
Low | Trivial | Tolerable | Moderate
Medium | Tolerable | Moderate | Important
High | Moderate | Important | Intolerable
23. Risk Evaluation
Risk = Probability x Impact
T: Trivial (No specific actions are required)
TO: Tolerable (Improvements that do not imply a big cost. Regular checks)
MO: Moderate (Efforts to reduce risk)
I: Important (A new service shall not be started. Prioritize the solution of the problem if the service is already running)
IN: Intolerable (Stop the service immediately)
25. Dangers
R01: Violation of personal privacy, honor or self-image of people
R02: Revelation and disclosure of secrets or confidential information
R03: Illegal contents or illegal advocacy of crime
R04: Undesired contents or advocacy of undesired activities
R05: Exchanges of attacks or insults
R06: Threats
R07: Continuous psychological harassment
R08: Sexual harassment
R11: Use of the platform for personal or business promotion
R12: Negative advertisement or destructive or negative participation
R13: Irrelevant matters or unrelated to the topic being treated (off-topic)
26. Dangers
R14: Low quality of the contributions
R15: Spreading rumors and false information
R16: Loss of confidence in the service
R17: Loss of credibility of the institution
R18: Forced participation of third parties
R21: Violation of protection rights of personal data
R22: Infringement of intellectual property rights of third persons
R23: Impersonation
R24: Violation of the protection rights of minors
R25: Fraud
R26: Deception or phishing
27. Dangers
R31: SPAM or unsolicited massive messages
R32: Sabotage: malware, virus, trojans, spyware,...
R33: Massive subscription
R34: Massive theft of personal data
R35: Accessibility problems
R41: Low participation
R42: Massive use of the service (“die of success”)
R43: Biased participation or restricted to a part of the population
R44: Emergence of power groups
R51: Inappropriate use in external information services
28. Consequences
Legal: Legal action that could be taken against the organization due to contents published by third persons
Mediatic or Image-related: Potential impact on the media of the contents published in the collaborative services
Economical: Financial or monetary consequences that may affect the organization
Technical: Potential problems of a technical nature that, involuntarily or on purpose, may be caused by other people with their participation
Social: Related to the inherent quality of the service for users
30. Proactive or preventive measures
Definition and information of the conditions of use of the services
Information and appropriate management of personal data
Terms of licensing of the information and published contents
Adequate information to the users of the services
Training the staff of the organization
Collaboration with copyright management organizations
Limiting the involvement of minors
Moderation prior to publication of contents provided by third parties
Automatic filtering based on the format or the content
Use of captchas (semantic or accessible)
Identification and authentication of participants
Restrictions on access to the contents or to participation
Dynamization and motivation from within the community
Proper planning of the starting up of the services
31. Reactive or corrective measures
Removal or modification of already published content
Direct participation in the service by the organization
Collective moderation by the community itself
Canceling of user accounts
Denial of access to a service
Definition of contingency plans
Notification or formal complaints to competent authorities
32. Supervision or monitoring
Active surveillance of published contents by the organization
Warning system to allow the community itself to alert of problems
Availability of an email account for personalized alerts
Active surveillance of impact and contents reuse in external services
Automated mechanisms for review of the published contents
34. Example: Illegal Contents
Initial Probability (danger): High | Initial Consequences (damage): Harmful | Initial Risk: Important
Measures Taken | Probability | Consequences
Identification and authentication of participants | ↓ | =
Moderation based on user's reputation | ↓ | =
Automatic filtering of contents | ↓ | =
Removal of the message | = | ↓
Warnings from other users | = | ↓
Final Probability (danger): Medium | Final Consequences (damage): Mild | Final Risk: Moderate
35. Example: SPAM
Initial Probability (danger): High | Initial Impact (damage): Mild | Initial Risk: Moderate
Measures Taken | Probability | Consequences
Identification and authentication of participants | ↓ | =
Moderation based on user's reputation | ↓ | =
Automatic anti-SPAM filtering | ↓↓ | =
Removal of the message | = | ↓
Warnings from other users | = | ↓
Final Probability (danger): Low | Final Impact (damage): Mild | Final Risk: Trivial
36. Example: Low Participation
Initial Probability (danger): High | Initial Consequences (damage): Mild | Initial Risk: Moderate
Measures Taken | Probability | Consequences
Identification and authentication of participants | ↑ | =
Moderation based on user's reputation | ↑ | =
Motivate users for participation | ↓ | =
Provide interesting contents from the organization | ↓ | =
Publicize the list | ↓ | =
Final Probability (danger): Medium | Final Consequences (damage): Mild | Final Risk: Tolerable
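The following is an added example, not part of the original deck: it encodes the matrix from slide 22 and the actions from slide 23, then re-evaluates the three worked examples from slides 34-36 and reports any stated level that differs from the matrix. The names `Entry`, `audit` and `REGISTER`, and the rule of governing by the more severe level when the two differ, are assumptions made for this illustration.

```python
from dataclasses import dataclass

# Scales from slides 20-22. "Null" probability and "Harmless" impact are
# defined on slides 20-21 but have no row or column in the slide 22 matrix.
IMPACTS = ("Mild", "Harmful", "Severe")
LEVELS = ("Trivial", "Tolerable", "Moderate", "Important", "Intolerable")

# Slide 22: rows are probability, columns are impact (Mild, Harmful, Severe).
MATRIX = {
    "Low": ("Trivial", "Tolerable", "Moderate"),
    "Medium": ("Tolerable", "Moderate", "Important"),
    "High": ("Moderate", "Important", "Intolerable"),
}

# Slide 23: action attached to each risk level.
ACTIONS = {
    "Trivial": "No specific actions are required",
    "Tolerable": "Improvements that do not imply a big cost. Regular checks",
    "Moderate": "Efforts to reduce risk",
    "Important": "A new service shall not be started. Prioritize the "
                 "solution of the problem if the service is already running",
    "Intolerable": "Stop the service immediately",
}


def risk_level(probability: str, impact: str) -> str:
    """Look up the slide 22 level; reject values the matrix does not cover."""
    if probability not in MATRIX:
        raise ValueError(f"probability {probability!r} is not in the matrix")
    if impact not in IMPACTS:
        raise ValueError(f"impact {impact!r} is not in the matrix")
    return MATRIX[probability][IMPACTS.index(impact)]


@dataclass
class Entry:
    danger: str
    initial: tuple  # (probability, impact, risk level stated on the slide)
    final: tuple    # the same three values after the measures are applied


def audit(entry: Entry) -> dict:
    """Recompute both evaluations and compare them with the stated levels."""
    result = {"danger": entry.danger, "mismatches": []}
    for phase, (prob, impact, stated) in (("initial", entry.initial),
                                          ("final", entry.final)):
        computed = risk_level(prob, impact)
        result[phase] = computed
        if computed != stated:
            result["mismatches"].append((phase, stated, computed))
    important = LEVELS.index("Important")
    # Slide 23: at Important or above a new service shall not be started.
    result["blocked_without_measures"] = (
        LEVELS.index(result["initial"]) >= important)
    # Assumption (not from the deck): if the stated and computed final
    # levels differ, the more severe of the two governs the decision.
    worst = max(result["final"], entry.final[2], key=LEVELS.index)
    result["governing_level"] = worst
    result["action"] = ACTIONS[worst]
    result["may_start_new_service"] = LEVELS.index(worst) < important
    return result


# The three worked examples, with values copied from slides 34-36.
REGISTER = [
    Entry("Illegal Contents",
          ("High", "Harmful", "Important"), ("Medium", "Mild", "Moderate")),
    Entry("SPAM",
          ("High", "Mild", "Moderate"), ("Low", "Mild", "Trivial")),
    Entry("Low Participation",
          ("High", "Mild", "Moderate"), ("Medium", "Mild", "Tolerable")),
]

if __name__ == "__main__":
    for entry in REGISTER:
        r = audit(entry)
        print(f"{r['danger']}: {r['initial']} -> {r['final']} "
              f"(governing: {r['governing_level']}); "
              f"mismatches: {r['mismatches']}")
```

Run over the deck's own values, the check reports one difference: slide 34 states a final risk of Moderate, while the slide 22 matrix gives Tolerable for Medium probability and Mild consequences.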
38. Authors
Promoted and developed by:
− Gobierno del Principado de Asturias - http://www.asturias.es
− CTIC Centro Tecnológico - http://www.fundacionctic.org
Members of the Working Group, in Alphabetical Order:
− Eloy Braña Gundin (Principado de Asturias)
− Chus García (Fundación CTIC)
− Marc Garriga (Ayuntamiento de Barcelona)
− Raquel Gisbert (Ayuntamiento de Barcelona)
− Mª Carmen Herrera (Principado de Asturias)
− Dolors Pou (Xperience Consulting)
− Andrés Ramos Gil de la Haza (Bardají & Honrado Abogados)
− José Luis Rodríguez (Principado de Asturias)
− Miriam Ruiz González (Fundación CTIC)
39. License
All the contents included in this work belong to Fundación CTIC and are protected by the intellectual and industrial property rights granted by law. Their use, reproduction, distribution, public communication, availability, processing or any other similar or analogous activity is totally prohibited, except in the cases that are explicitly allowed by the license under which it is published. Fundación CTIC reserves the right to pursue legal action as appropriate against those who violate or infringe their intellectual property and / or industrial rights.
This work is published under a Creative Commons license Attribution-ShareAlike 3.0 (CC-by-sa 3.0).
To read the text of this license, visit http://creativecommons.org/licenses/by-sa/3.0/