[Foundation-l] Risks

Fred Bauder fredbaud at waterwiki.info
Thu Apr 19 15:23:15 UTC 2007

Effective error management is part of an effective risk management strategy. Appropriate handling of errors and the public relations problems they present reduces risk of litigation. It was not my intention to steal your thunder though. Just to point at a neglected area.


>-----Original Message-----
>From: GerardM [mailto:gerard.meijssen at gmail.com]
>Sent: Thursday, April 19, 2007 08:14 AM
>To: fredbaud at waterwiki.info, 'Wikimedia Foundation Mailing List'
>Subject: Re: [Foundation-l] Risks
>http://en.wikipedia.org/wiki/Wikipedia:Error_management is a nice essay. It
>addresses different things entirely from the ones that I describe. What I
>have written about is on an organisation level where your essay writes about
>things on a project ie Wikipedia level.
>Yes I have read the essay. How is it relevant in the context of the original
>post ?
>    GerardM
>On 4/19/07, Fred Bauder <fredbaud at waterwiki.info> wrote:
>> Only a partial answer, many other aspects are in operation, but please
>> consider thinking about
>> Wikipedia:Error management
>> Fred
>> >-----Original Message-----
>> >From: Gerard Meijssen [mailto:gerard.meijssen at gmail.com]
>> >Sent: Thursday, April 19, 2007 01:46 AM
>> >To: 'Wikimedia Foundation Mailing List'
>> >Subject: [Foundation-l] Risks
>> >
>> >Hoi,
>> >Risk management is an activity that has a forerunner. This is risk
>> >analysis. From everything I understand from what is happening, the
>> >situation in the management and operations of the WMF is fluid. Many
>> >aspects of risk aversion are hard or impossible to do because they are
>> >like shooting at a moving target. When you engage in risk management, it
>> >is like many other aspects of security; something you have to integrate
>> >it into your organisational operations to do it well. Risk assessment
>> >and analysis should be part of the implementation of and the changes to
>> >procedures.
>> >
>> >The question: "Who is willing to take responsibility?" is imho not
>> >necessarily valid at this time. Risk management is an essential part of
>> >the whole management and operations set up and consequently the
>> >responsibility  remains with every manager for the security issues in
>> >his domain. When you have a security officer in your organisation, in
>> >essence all he can do is coordinate and integrate the efforts in all
>> >domains and coordinate and monitor how well relevant issues are handled.
>> >As security is often seen as key to the health of the organisation, the
>> >security officer is necessarily a senior manager in an organisation. It
>> >is important to note that many of the tasks that need to be done in the
>> >WMF are not filled in. This is a consequence of the seriously
>> >underfunded and understaffed organisation that is the WMF. The question
>> >is, is it more important to get the base work done or is having someone
>> >tasked for security the priority. This is a management question and
>> >decision.
>> >
>> >When an organisation takes security serious, the risk factors are taken
>> >serious. This already happens. Brion has stated repeatedly that the
>> >quality of the back-ups has a high priority for him. He has reported
>> >repeatedly on improvements made in order to improve its quality. David
>> >Gerard has raised the quality of back-ups as an issue, Jeff Merkey
>> >indicated his ability and effort in order to ensure that an off-site
>> >back-up exists. All this happens against this background of continually
>> >improving WMF functionality. Clearly risks in this domain are managed
>> >though not necessarily covered perfectly.
>> >
>> >When it comes to financial risks, the WMF will only get grants, funding
>> >from other parties when it is able and willing to go into a dialogue
>> >with organisations and people that indicate they are willing to
>> >contribute / cooperate / collaborate with our organisation. This means
>> >that our organisation has to be willing to go into a dialogue. It starts
>> >with a willingness to listen. There are indications that this is
>> improving.
>> >
>> >Given the relevance of the Wikimedia Foundation, there are many
>> >organisations that are really keen to work together with us. Many of
>> >these organisations have a wealth of data and money that they are
>> >investing in activities that are complementary to what we do. By
>> >collaborating, there is the potential that much of these resources will
>> >be directed to Free information and resources. It may mean that things
>> >do not happen in our projects. Our aim is to bring information to the
>> >world, we serve our aim when we make this happen. For Free information
>> >the one thing that really matters is that these resources are relevant
>> >and easy to reach. Organisations want to collaborate with the WMF
>> >because increased traffic for the information they care for is often
>> >what they want to get out of such a collaboration. The opportunities are
>> >there, one risk is that we are not able or willing to reach out, another
>> >is that our community is too inward focused and consequently not willing
>> >or able to collaborate.
>> >
>> >To me security and risk management are really important. The work done
>> >that is in front of us needs to get done. Anthere indicated that issues
>> >identified by the board have to be solved within specified time frames
>> >by the executive. This is only feasible when the means to do this exist.
>> >When the penalty for not finishing in time has the potential of
>> >dismissal, it means that the risks become personal as well as
>> >organisational. The consequence will be that day to day issues will
>> >suffer and this will bring its own risks.
>> >
>> >Thanks,
>> >    GerardM
>> >
>> >_______________________________________________
>> >foundation-l mailing list
>> >foundation-l at lists.wikimedia.org
>> >http://lists.wikimedia.org/mailman/listinfo/foundation-l
>> >
>> _______________________________________________
>> foundation-l mailing list
>> foundation-l at lists.wikimedia.org
>> http://lists.wikimedia.org/mailman/listinfo/foundation-l

More information about the foundation-l mailing list