w3c / dpv

Data Privacy Vocabularies and Controls CG (DPVCG)
https://w3id.org/dpv

Add Risk Management concepts from ISO 31000 series #74

Open coolharsh55 opened 2 years ago

coolharsh55 commented 2 years ago

The DPV-Risk extension https://w3id.org/dpv/risk lists risk assessments, consequences, impacts, methodologies, matrices, etc., but does not refer to other concepts in risk management (criteria, governance, sources, threats, evaluation, etc.). These should be added.

  1. RiskManagement
  2. RiskAssessment
  3. RiskIdentification
  4. RiskAnalysis
  5. RiskEvaluation
  6. RiskAcceptance
  7. ThreatIdentification
  8. ThreatEvaluation
  9. RiskMitigation
  10. RiskControlAssessment
  11. RiskTreatment
  12. RiskPerception
  13. RiskCriteria
  14. Risk Source
  15. RiskThreat
  16. RiskOwner

coolharsh55 commented 1 year ago

Update from today's meeting https://www.w3.org/2022/12/14-dpvcg-minutes.html where we agreed to provide these concepts in the risk extension.

ghurlbot commented 1 year ago

Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org:

discussing what concepts should be present to represent causes of risks, and whether to have 1 cause or 2 causes (cause of cause); require examples to see these in action and to discuss further.

ghurlbot commented 1 year ago

Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org:

the risk assessment concepts in #104 are likely to be accepted - this work should be modified to build on them.

coolharsh55 commented 1 week ago

We have added the following in v2.1:

The following are proposed to be discussed for v2.2: