[Foundation-l] Risks

GerardM gerard.meijssen at gmail.com
Thu Apr 19 14:14:22 UTC 2007

http://en.wikipedia.org/wiki/Wikipedia:Error_management is a nice essay. It
addresses different things entirely from the ones that I describe. What I
have written about is on an organisation level where your essay writes about
things on a project ie Wikipedia level.

Yes I have read the essay. How is it relevant in the context of the original
post ?


On 4/19/07, Fred Bauder <fredbaud at waterwiki.info> wrote:
> Only a partial answer, many other aspects are in operation, but please
> consider thinking about
> Wikipedia:Error management
> Fred
> >-----Original Message-----
> >From: Gerard Meijssen [mailto:gerard.meijssen at gmail.com]
> >Sent: Thursday, April 19, 2007 01:46 AM
> >To: 'Wikimedia Foundation Mailing List'
> >Subject: [Foundation-l] Risks
> >
> >Hoi,
> >Risk management is an activity that has a forerunner. This is risk
> >analysis. From everything I understand from what is happening, the
> >situation in the management and operations of the WMF is fluid. Many
> >aspects of risk aversion are hard or impossible to do because they are
> >like shooting at a moving target. When you engage in risk management, it
> >is like many other aspects of security; something you have to integrate
> >it into your organisational operations to do it well. Risk assessment
> >and analysis should be part of the implementation of and the changes to
> >procedures.
> >
> >The question: "Who is willing to take responsibility?" is imho not
> >necessarily valid at this time. Risk management is an essential part of
> >the whole management and operations set up and consequently the
> >responsibility  remains with every manager for the security issues in
> >his domain. When you have a security officer in your organisation, in
> >essence all he can do is coordinate and integrate the efforts in all
> >domains and coordinate and monitor how well relevant issues are handled.
> >As security is often seen as key to the health of the organisation, the
> >security officer is necessarily a senior manager in an organisation. It
> >is important to note that many of the tasks that need to be done in the
> >WMF are not filled in. This is a consequence of the seriously
> >underfunded and understaffed organisation that is the WMF. The question
> >is, is it more important to get the base work done or is having someone
> >tasked for security the priority. This is a management question and
> >decision.
> >
> >When an organisation takes security serious, the risk factors are taken
> >serious. This already happens. Brion has stated repeatedly that the
> >quality of the back-ups has a high priority for him. He has reported
> >repeatedly on improvements made in order to improve its quality. David
> >Gerard has raised the quality of back-ups as an issue, Jeff Merkey
> >indicated his ability and effort in order to ensure that an off-site
> >back-up exists. All this happens against this background of continually
> >improving WMF functionality. Clearly risks in this domain are managed
> >though not necessarily covered perfectly.
> >
> >When it comes to financial risks, the WMF will only get grants, funding
> >from other parties when it is able and willing to go into a dialogue
> >with organisations and people that indicate they are willing to
> >contribute / cooperate / collaborate with our organisation. This means
> >that our organisation has to be willing to go into a dialogue. It starts
> >with a willingness to listen. There are indications that this is
> improving.
> >
> >Given the relevance of the Wikimedia Foundation, there are many
> >organisations that are really keen to work together with us. Many of
> >these organisations have a wealth of data and money that they are
> >investing in activities that are complementary to what we do. By
> >collaborating, there is the potential that much of these resources will
> >be directed to Free information and resources. It may mean that things
> >do not happen in our projects. Our aim is to bring information to the
> >world, we serve our aim when we make this happen. For Free information
> >the one thing that really matters is that these resources are relevant
> >and easy to reach. Organisations want to collaborate with the WMF
> >because increased traffic for the information they care for is often
> >what they want to get out of such a collaboration. The opportunities are
> >there, one risk is that we are not able or willing to reach out, another
> >is that our community is too inward focused and consequently not willing
> >or able to collaborate.
> >
> >To me security and risk management are really important. The work done
> >that is in front of us needs to get done. Anthere indicated that issues
> >identified by the board have to be solved within specified time frames
> >by the executive. This is only feasible when the means to do this exist.
> >When the penalty for not finishing in time has the potential of
> >dismissal, it means that the risks become personal as well as
> >organisational. The consequence will be that day to day issues will
> >suffer and this will bring its own risks.
> >
> >Thanks,
> >    GerardM
> >
> >_______________________________________________
> >foundation-l mailing list
> >foundation-l at lists.wikimedia.org
> >http://lists.wikimedia.org/mailman/listinfo/foundation-l
> >
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> http://lists.wikimedia.org/mailman/listinfo/foundation-l

More information about the foundation-l mailing list