Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refine RISK taxonomy into a single consistent hierarchy #181

Open
coolharsh55 opened this issue Aug 14, 2024 · 2 comments
Open

Refine RISK taxonomy into a single consistent hierarchy #181

coolharsh55 opened this issue Aug 14, 2024 · 2 comments
Milestone

Comments

@coolharsh55
Copy link
Collaborator

Specs

RISK

New Concept(s)

Refine the RISK taxonomy of concepts to create a single hierarchy of 'events' which the adopter then chooses with a role: risk, consequence, impact, or risk source.

Changed Concept(s)

No response

@coolharsh55
Copy link
Collaborator Author

Discussed with Rob Brennan, Delaram, and Julio who were involved in creating the risk assessment concepts. Conclusion: we have RiskConcept as the parent concept and then organise the hierarchy under it.

coolharsh55 added a commit that referenced this issue Aug 16, 2024
- In RISK extension, the taxonomy has been restructured as per the
  discussion in #181 where there is a single taxonomy under
  `dpv:RiskConcept` as the top concept
- The concept `dpv:RiskConcept` has been added to DPV, and the other
  corresponding risk concepts have been declared as its subclass
- The consequences and impacts taxonomy has been restructured and
  grouped into more 'organic' categories rather than arbitrary ones
- Cosmetic changes to RISK include a new empty incident report section
  to be filled in the future, and a better visual representation of the
  risk matrixes in a table
coolharsh55 added a commit that referenced this issue Aug 17, 2024
- In RISK extension, the taxonomy has been restructured as per the
  discussion in #181 where there is a single taxonomy under
  `dpv:RiskConcept` as the top concept
- The concept `dpv:RiskConcept` has been added to DPV, and the other
  corresponding risk concepts have been declared as its subclass
- The consequences and impacts taxonomy has been restructured and
  grouped into more 'organic' categories rather than arbitrary ones
- Cosmetic changes to RISK include a new empty incident report section
  to be filled in the future, and a better visual representation of the
  risk matrixes in a table
coolharsh55 added a commit that referenced this issue Aug 19, 2024
- RiskConcepts under ExternalSecurityThreat and OperationalSecurityRisk
  have been reorganised under the Confidentiality, Integrity,
  Availability (CIA) InfoSec triad
- see #181 for discussion
@coolharsh55
Copy link
Collaborator Author

Rob suggested we have the CIA triad from InfoSec in there somewhere as it will help security folks find the right concept. I have re-organised the risk sources / threats concepts under CIA and kept the other groups regarding impact. See live at: https://dev.dpvcg.org/2.1-dev/risk/

@coolharsh55 coolharsh55 moved this to In progress in dpv 2.1 planning Sep 18, 2024
coolharsh55 added a commit that referenced this issue Oct 1, 2024
- creates a new structuring/organisation of RISK taxonomy related to
  risk sources, risks, consequences, and impacts where each concept can
  take on different roles depending on the use-case
- to express this, each concept is created as an instance of new
  concepts e.g. `PotentialRiskSource` or `PotentialImpact`
- the concepts are now provided in a module `risk_taxonomy` instead of
  `risk_consequences` (which has been deleted)
- the HTML documentation provides new sections for each of the
  `Potential...` concept along with an overview table for roles
- the HTML documentation does NOT provide description of the new model
  or examples, this is TODO
- this work is with thanks to discussions with @DelaramGlp and Rob
  Brennan
- #182 added bias concepts
- #185 removed risk:Fee as it has been added to DPV as dpv:FeeRequirement
- #190 added discrimination concepts
- #184 added rights impact concepts in RISK
coolharsh55 added a commit that referenced this issue Oct 21, 2024
- in RISK, the taxonomy concepts are additionally structured by
  technical, organisational, legal, and societal
- in RISK, the taxonomy concepts have a base as potential risk source,
  potential risk, potential consequence, or potential impact
- in RISK HTML, there is a table showing each concept and the role it
  can take
- there are stubs in the HTML where description and examples are to be
  added
- relevant issue is #181
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant