[Foundation-l] Risks
Fred Bauder
fredbaud at waterwiki.info
Thu Apr 19 12:14:11 UTC 2007
Only a partial answer, many other aspects are in operation, but please consider thinking about
Wikipedia:Error management
Fred
>-----Original Message-----
>From: Gerard Meijssen [mailto:gerard.meijssen at gmail.com]
>Sent: Thursday, April 19, 2007 01:46 AM
>To: 'Wikimedia Foundation Mailing List'
>Subject: [Foundation-l] Risks
>
>Hoi,
>Risk management is an activity that has a forerunner. This is risk
>analysis. From everything I understand from what is happening, the
>situation in the management and operations of the WMF is fluid. Many
>aspects of risk aversion are hard or impossible to do because they are
>like shooting at a moving target. When you engage in risk management, it
>is like many other aspects of security; something you have to integrate
>it into your organisational operations to do it well. Risk assessment
>and analysis should be part of the implementation of and the changes to
>procedures.
>
>The question: "Who is willing to take responsibility?" is imho not
>necessarily valid at this time. Risk management is an essential part of
>the whole management and operations set up and consequently the
>responsibility remains with every manager for the security issues in
>his domain. When you have a security officer in your organisation, in
>essence all he can do is coordinate and integrate the efforts in all
>domains and coordinate and monitor how well relevant issues are handled.
>As security is often seen as key to the health of the organisation, the
>security officer is necessarily a senior manager in an organisation. It
>is important to note that many of the tasks that need to be done in the
>WMF are not filled in. This is a consequence of the seriously
>underfunded and understaffed organisation that is the WMF. The question
>is, is it more important to get the base work done or is having someone
>tasked for security the priority. This is a management question and
>decision.
>
>When an organisation takes security serious, the risk factors are taken
>serious. This already happens. Brion has stated repeatedly that the
>quality of the back-ups has a high priority for him. He has reported
>repeatedly on improvements made in order to improve its quality. David
>Gerard has raised the quality of back-ups as an issue, Jeff Merkey
>indicated his ability and effort in order to ensure that an off-site
>back-up exists. All this happens against this background of continually
>improving WMF functionality. Clearly risks in this domain are managed
>though not necessarily covered perfectly.
>
>When it comes to financial risks, the WMF will only get grants, funding
>from other parties when it is able and willing to go into a dialogue
>with organisations and people that indicate they are willing to
>contribute / cooperate / collaborate with our organisation. This means
>that our organisation has to be willing to go into a dialogue. It starts
>with a willingness to listen. There are indications that this is improving.
>
>Given the relevance of the Wikimedia Foundation, there are many
>organisations that are really keen to work together with us. Many of
>these organisations have a wealth of data and money that they are
>investing in activities that are complementary to what we do. By
>collaborating, there is the potential that much of these resources will
>be directed to Free information and resources. It may mean that things
>do not happen in our projects. Our aim is to bring information to the
>world, we serve our aim when we make this happen. For Free information
>the one thing that really matters is that these resources are relevant
>and easy to reach. Organisations want to collaborate with the WMF
>because increased traffic for the information they care for is often
>what they want to get out of such a collaboration. The opportunities are
>there, one risk is that we are not able or willing to reach out, another
>is that our community is too inward focused and consequently not willing
>or able to collaborate.
>
>To me security and risk management are really important. The work done
>that is in front of us needs to get done. Anthere indicated that issues
>identified by the board have to be solved within specified time frames
>by the executive. This is only feasible when the means to do this exist.
>When the penalty for not finishing in time has the potential of
>dismissal, it means that the risks become personal as well as
>organisational. The consequence will be that day to day issues will
>suffer and this will bring its own risks.
>
>Thanks,
> GerardM
>
>_______________________________________________
>foundation-l mailing list
>foundation-l at lists.wikimedia.org
>http://lists.wikimedia.org/mailman/listinfo/foundation-l
>
More information about the foundation-l
mailing list