Refine RISK taxonomy into a single consistent hierarchy #181
Comments
Discussed with Rob Brennan, Delaram, and Julio who were involved in creating the risk assessment concepts. Conclusion: we have
- In the RISK extension, the taxonomy has been restructured as per the discussion in #181 so that there is a single taxonomy under `dpv:RiskConcept` as the top concept
- The concept `dpv:RiskConcept` has been added to DPV, and the other corresponding risk concepts have been declared as its subclasses
- The consequences and impacts taxonomy has been restructured and grouped into more 'organic' categories rather than arbitrary ones
- Cosmetic changes to RISK include a new empty incident report section to be filled in the future, and a better visual representation of the risk matrices in a table
- RiskConcepts under ExternalSecurityThreat and OperationalSecurityRisk have been reorganised under the Confidentiality, Integrity, Availability (CIA) InfoSec triad - see #181 for discussion
Rob suggested we have the CIA triad from InfoSec in there somewhere as it will help security folks find the right concept. I have re-organised the risk sources / threats concepts under CIA and kept the other groups regarding impact. See live at: https://dev.dpvcg.org/2.1-dev/risk/
- creates a new structuring/organisation of the RISK taxonomy related to risk sources, risks, consequences, and impacts where each concept can take on different roles depending on the use-case
- to express this, each concept is created as an instance of new concepts e.g. `PotentialRiskSource` or `PotentialImpact`
- the concepts are now provided in a module `risk_taxonomy` instead of `risk_consequences` (which has been deleted)
- the HTML documentation provides new sections for each of the `Potential...` concepts along with an overview table for roles
- the HTML documentation does NOT provide a description of the new model or examples, this is TODO
- this work is with thanks to discussions with @DelaramGlp and Rob Brennan
- #182 added bias concepts
- #185 removed risk:Fee as it has been added to DPV as dpv:FeeRequirement
- #190 added discrimination concepts
- #184 added rights impact concepts in RISK
- in RISK, the taxonomy concepts are additionally structured by technical, organisational, legal, and societal
- in RISK, the taxonomy concepts have a base as potential risk source, potential risk, potential consequence, or potential impact
- in RISK HTML, there is a table showing each concept and the role it can take
- there are stubs in the HTML where description and examples are to be added
- relevant issue is #181
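As an added illustration of the role model described in the commit messages above and in the issue description below (this is not part of the issue thread or of the DPV vocabulary's own files): the `dpv:` and `risk:` namespace URLs and the `risk:Potential...` role class names are assumed, and every `ex:` concept, grouping class and property is constructed for the example.

```turtle
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix dpv:  <https://w3id.org/dpv#> .
@prefix risk: <https://w3id.org/dpv/risk#> .
@prefix ex:   <https://example.org/security-assessment#> .

# Single hierarchy: every RISK concept sits under dpv:RiskConcept.
# The CIA grouping classes below are constructed names, not the vocabulary's own.
ex:ConfidentialityConcept rdfs:subClassOf dpv:RiskConcept .
ex:IntegrityConcept       rdfs:subClassOf dpv:RiskConcept .
ex:AvailabilityConcept    rdfs:subClassOf dpv:RiskConcept .

# One concept is declared once, together with the roles it may play
# (risk:PotentialRiskSource etc. are the role classes named in the commits).
ex:CredentialCompromise
    rdfs:subClassOf ex:ConfidentialityConcept ;
    a risk:PotentialRiskSource , risk:PotentialRisk , risk:PotentialConsequence ;
    rdfs:label "Credential compromise"@en .

ex:ServiceOutage
    rdfs:subClassOf ex:AvailabilityConcept ;
    a risk:PotentialRisk , risk:PotentialConsequence , risk:PotentialImpact ;
    rdfs:label "Service outage"@en .

# Two assessments assign different roles to the same concepts.
# The ex:has... role properties are constructed for this example.
ex:AssessmentA
    ex:hasRiskSource  ex:CredentialCompromise ;   # source: leaked credentials
    ex:hasConsequence ex:ServiceOutage .          # consequence: service goes down

ex:AssessmentB
    ex:hasRisk        ex:ServiceOutage ;          # risk: an outage
    ex:hasConsequence ex:CredentialCompromise .   # consequence: credentials exposed
```

A validator can reject an assessment whose role property points at a concept that is not an instance of the matching `risk:Potential...` class, which is what keeps the single hierarchy consistent across use-cases.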
Specs
RISK
New Concept(s)
Refine the RISK taxonomy of concepts to create a single hierarchy of 'events' which the adopter then chooses with a role: risk, consequence, impact, or risk source.
Changed Concept(s)
No response