User:Tule-hog/Risk diaries

There should be a WikiProject Risk Management: the articles are scattered and of highly varying quality, lacking definitional and structural cohesion. Perhaps it could be a subproject of a wider WikiProject Security (which might help with CompSec scope creep).

It should be concerned with business/enterprise/institutional/organizational risk management, as opposed to the more societal/governmental emergency management that is already defined via WikiProject Disaster Management, although there is plenty of overlap. (Emergency management is sometimes called disaster management; however, there is the confusing terminology of BCDR, which uses 'disaster' to specifically distinguish IT assets.)

=How to start?=

Back to basics, similar to Risk Management.

According to ISO 31000, "the purpose of risk management is the creation and protection of value."
 * Compare with business operations, "the harvesting of value from assets owned by a business." With this it would seem even business operations are subsumed by a properly scoped risk management framework.

=Further=

Perhaps seeing all the content next to each other will help - obviously a WikiProject would do this with tags.

Amassing
(serious scope creep from too much CompSec)

Articles

 * Risk
 * Risk assessment
 * Outline of risk management
 * Threat
 * Threat actor
 * Threat assessment
 * Cyber attack
 * Cyberwarfare
 * Cybercrime
 * Cyber kill chain
 * Cyberterrorism
 * Cyber threat hunting
 * Cyber threat intelligence
 * Vulnerability
 * Vulnerability assessment
 * Exploit
 * Failure
 * Incident
 * Security
 * Outline of computer security
 * Security control
 * Access control
 * Access control list
 * Discretionary access control
 * Mandatory access control
 * Role-based access control
 * Policy-based access control
 * Lattice-based access control
 * Context-based access control
 * Relationship-based access control
 * Organisation-based access control
 * Security policy
 * Acceptable use policy
 * Access policy
 * Computer security policy
 * Security level
 * Security software
 * Cyber security regulation
 * IT security
 * Data security
 * Security convergence
 * Physical security
 * Information security
 * Information security indicators
 * Information security policy (doesn't link anywhere meaningful)
 * Information security standards
 * Intelligence
 * Business intelligence
 * Mitigation
 * Enterprise
 * Enterprise information security architecture
 * Enterprise resource planning
 * Business
 * Outline of business
 * BCDR, which references BCP and DR
 * Business impact analysis
 * Business process
 * Business operations
 * Change control
 * Continuous monitoring
 * Information architecture
 * Enterprise architecture
 * Information design
 * Governance framework
 * Risk management framework (links to the NIST framework, should be made a general article)
 * Computer security model
 * Backup
 * Critical systems
 * Mission critical
 * Dependability
 * Downtime
 * Mean time between failures (feels like mean-time articles need collecting)
 * Mean time to repair
 * Mean time to first failure
 * Mean down time
 * Failing badly
 * Indicator of compromise
 * Authentication
 * Risk-based authentication
 * Multi-factor authentication
 * Validation and verification
 * Proactive cyber defense
 * Computer emergency response team
 * Lateral movement (cybersecurity)
 * Data architecture
 * Decision support system
 * Content management system
 * System integration
 * CIA triad
 * Separation of mechanism and policy
 * Separation of protection and security
 * Protection mechanisms
 * Enforcement
 * Computer standards
 * Security standards

Theories

 * Management science
 * Decision theory

Practices

 * Management
 * Risk management
 * Enterprise risk management
 * Asset management
 * IT asset management
 * Digital asset management
 * Content management
 * Enterprise content management
 * Document management
 * Data management (great topics section)
 * Knowledge management
 * Ignorance management
 * Information management
 * Enterprise information management
 * IT management
 * Vulnerability management
 * Threat management
 * Strategic management
 * Security management
 * Information security management
 * Security information and event management
 * Security information management
 * Security event management
 * Security level management
 * Change management
 * Change management (engineering)
 * Change management (ITSM) (looks to have been gutted via vandalism, fix this)
 * Decision management
 * Incident management (Incident response redirects here, but could be an article or at least section)
 * Computer security incident management
 * Incident management (ITSM) (looks to have been gutted via vandalism, fix this)
 * Problem management (looks to have been gutted via vandalism, fix this)
 * Human resources management
 * Records management
 * Administration
 * Business administration
 * System administration
 * Database administration
 * Governance
 * Business governance (article poorly distinguishes between Corporation and Business)
 * Risk governance
 * Data governance
 * Information governance
 * IT governance
 * Internet governance
 * Website governance
 * Project governance
 * Security governance
 * Engineering
 * Reliability engineering
 * Privacy engineering
 * Security engineering
 * Knowledge engineering
 * Content engineering
 * Operations, administration, and management
 * Governance, risk management, and compliance

Categories

 * Category:Risk management
 * Category:IT risk management
 * Category:Risk management in business
 * Category:Business
 * Category:Business process
 * Category:Business terms
 * Category:Indexes of business topics
 * Category:Business computing
 * Category:Computer security
 * Category:Computer access control
 * Category:Computer security models
 * Category:Computer security procedures
 * Category:Computer standards
 * Category:Management
 * Category:Business management
 * Category:Capital management
