There should be a WikiProject Risk Management - the articles are scattered and of highly varying quality, lacking definitional and structural cohesion. Perhaps it could be a subproject of a wider WikiProject Security (might help with CompSec scope creep). Should be made useful somehow to WikiProject Risk.

It should be concerned with business/enterprise/institutional/organizational risk management, as opposed to the (already defined via WikiProject Disaster Management) more societal/governmental emergency management (sometimes called disaster management, however there is the confusing terminology of BCDR which uses 'disaster' to specifically distinguish IT assets) - although there is plenty of overlap.

How to start?

Back to basics, similar to Wikiversity:Risk Management.

According to ISO 31000, "the purpose of risk management is the creation and protection of value."^[1]

Compare with business operations, "the harvesting of value from assets owned by a business." With this it would seem even business operations are subsumed by a properly scoped risk management framework.

Further

Perhaps seeing all the content next to each other will help - obviously a WikiProject would do this with tags.

Amassing

(serious scope creep from too much CompSec)

Articles

Risk
- Risk assessment
- Outline of risk management
- Risk appetite
- Risk register
Threat
- Threat actor
- Threat assessment
- Cyber attack
Vulnerability
- Vulnerability assessment
Exploit
Failure
- Failure mode and effects analysis
  - Failure mode, effects, and criticality analysis
Incident
Security
- Outline of computer security
- Security control
  - Access control
- Security policy
- Security level
- Security software
- Cyber security regulation
- IT security
- Data security
- Security convergence
- Physical security
- Information security
  - Information security indicators
  - Information security policy (doesn't link anywhere meaningful)
  - Information security standards
- Security orchestration
Intelligence
- Business intelligence
Mitigation
Enterprise
- Enterprise information security architecture
- Enterprise resource planning
Business
- Outline of business
- BCDR, which references BCP and DR
- Business impact analysis
- Business process
- Business operations
Change control
Continuous monitoring
Information architecture
Enterprise architecture
Information design
Governance framework
Risk management framework (links to the NIST framework, should be made a general article)
Computer security model
Backup
Critical systems
Mission critical
Dependability
Downtime
- Mean time between failure (feels like mean-time articles need collecting)
- Mean time to repair
- Mean time to first failure
- Mean down time
Failing badly
Indicator of compromise
Authentication
- Risk-based authentication
- Multi-factor authentication
Validation and verification
Proactive cyber defense
Computer emergency response team
Lateral movement (cybersecurity)
Data architecture
Decision support system
Content management system
System integration
CIA triad
Separation of mechanism and policy
- Separation of protection and security
Protection mechanisms
Enforcement
Computer standards
Security standards

Theories

Practices

Management
- Risk management
  - Enterprise risk management
- Asset management
  - IT asset management
  - Digital asset management
- Content management
  - Enterprise content management
- Document management
- Data management (great topics section)
- Knowledge management
- Ignorance management
- Information management
  - Enterprise information management
- IT management
- Vulnerability management
- Threat management
- Strategic management
- Security management
  - Information security management
  - Security information and event management
    - Security information management
    - Security event management
  - Security level management
- Change management
  - Change management (engineering)
  - Change management (ITSM) (looks to have been gutted via vandalism, fix this)
- Decision management
- Incident management (Incident response redirects here, but could be an article or at least section)
  - Computer security incident management
  - Incident management (ITSM) (looks to have been gutted via vandalism, fix this)
- Identity management
  - Customer identity and access management
- Problem management (looks to have been gutted via vandalism, fix this)
- Human resources management
- Records management
Administration
Governance
- Business governance (article poorly distinguishes between Corporation and Business)
- Risk governance
- Data governance
- Information governance
- IT governance
- Internet governance
- Website governance
- Project governance
- Security governance
Engineering
Forensics
- Digital forensics
  - Cyber forensics
Operations, administration, and management
Governance, risk management, and compliance

References

^ "4 Principles". ISO 31000:2018 — Risk management — Guidelines. Feb 2018.

[1] "4 Principles". ISO 31000:2018 — Risk management — Guidelines. Feb 2018.

[1]

User:Tule-hog/Risk diaries

Contents