Risk Management in Citizen Participative Services
1. Policies of the Use of Citizen Participative Services in the Context of Public Administrations
Risk Management in Participative Web
Miriam Ruiz - Fundación CTIC
miriam.ruiz@fundacionctic.org
4. The Future of the Web
● Web 1.0: People connecting to the Web for information: unidirectional, from the editors to the readers.
● Web 2.0: People connecting to people: social networks, wikis, collaboration, possibility of sharing.
● Web 3.0: Web applications connecting to other web applications to enrich people's experience.
5. Advantages of Web 2.0
● Provides a meeting point for all agents involved in the smooth running of society
● Information sharing: knowledge, experiences, suggestions or complaints
● Active collaboration and greater protagonism and involvement of citizens
● Vehicle for providing new ideas to the Public Administration
● Collective generation and gathering of knowledge
● More transparency in the Public Administration
● Continuous improvement of public services
7. Goals
● Develop a methodology to extract the maximum benefit from the web 2.0 paradigm while minimizing its risks
● Gain as accurate a knowledge as possible of the web 2.0 phenomenon and its consequences
● Obtain the highest possible signal/noise ratio from the information generated in a decentralized way
● Systematize the design of new web 2.0 services
8. Participants
● Internal Staff: Contractual relationship, indefinite stay
● Hired Staff: Contractual relationship, temporary stay
● External People: No contractual relationship, they use the services provided
● Outsiders: No kind of relationship established
● Anonymous People: Unidentified
9. Identification Level
● Absolute identification by direct means: ID card, passport or similar.
● Absolute identification by indirect means: Telephone number or similar.
● Weak identification (pseudonym): Alias, e-mail, OpenID or similar.
● Anonymous participation: There is nothing that can identify the person
10. Authentication Level
● Biometric means: Biological data
● Safe Network: Connection from a controlled network (Intranet)
● Strong Authentication: e-ID, digital signature, etc.
● Intermediate Authentication: Private secret data
● Weak Authentication: Password
● No Authentication: No authentication
12. Services
Collective generation of information:
− Blogs or Weblogs
Other options: Microblogs or nanoblogs, photoblogs, videoblogs or vblogs
− Discussion boards
− Mailing lists
− Wikis
− Survey
− Comments
− Contests
13. Services
Multimedia Contents (photos, audio, video, flash, etc.):
− Photo Album or gallery
− Podcast
− Video Podcast, Vidcast or Vodcast
Collective Classification of Contents:
− Evaluation
− Tags, folksonomies and tag clouds
− Classification systems based on reputation
14. Services
Information Export:
− Content syndication (RSS, Atom)
− Publishing of information in semantic formats (RDF, RDFa)
− Open APIs
Content Integration:
− Blog aggregators, planets or metablogs
− Mashups or hybrid web applications
15. Services
Relationships between people:
− Chat or cybertalk
Instant Messaging
Web Conferences
Audio and Video Conferences
Virtual Worlds
− Social Networks
Commercial or Economical Exchanges
17. Risk Management Process
Definition of the Global Strategy
Risk Identification
Initial Risk Evaluation
Planning of measures to reduce the risks
New Risk Evaluation
Risk Control (application of planned measures)
Data Collection
Periodic Review
18. Risk Management Process
[Diagram with the stages: Global Strategy, Risk Identification, Initial Risk Evaluation, Definition of Measures to Control the Risks, Final Risk Evaluation, Risk Control, Data Collection]
20. Quantification of the Probability
High: The hazardous event will happen regularly
Medium: The hazardous event will happen from time to time
Low: The hazardous event will occur rarely
Null: It's extremely unlikely for the dangerous event to occur
21. Quantification of the Impact
Severe or extremely harmful event: The damage would be very important if the dangerous event happened
Serious or harmful event: The damage would be considerable
Mild or slightly harmful event: The damage would not be too important
Harmless: There would be almost no damage even when the incident occurred
22. Risk Quantification
                        Consequences (impact)
Probability (danger)    Mild        Harmful     Severe
Low                     Trivial     Tolerable   Moderate
Medium                  Tolerable   Moderate    Important
High                    Moderate    Important   Intolerable
23. Risk Evaluation
Risk = Probability x Impact
T: Trivial (No specific actions are required)
TO: Tolerable (Improvements that do not imply a big cost. Regular checks)
MO: Moderate (Efforts to reduce risk)
I: Important (A new service shall not be started. Prioritize the solution of the problem if the service is already running)
IN: Intolerable (Stop the service immediately)
25. Dangers
R01: Violation of personal privacy, honor or self-image of people
R02: Revelation and disclosure of secrets or confidential information
R03: Illegal contents or illegal advocacy of crime
R04: Undesired contents or advocacy of undesired activities
R05: Exchanges of attacks or insults
R06: Threats
R07: Continuous psychological harassment
R08: Sexual harassment
R11: Use of the platform for personal or business promotion
R12: Negative advertisement or destructive or negative participation
R13: Irrelevant matters or unrelated to the topic being treated (off-topic)
26. Dangers
R14: Low quality of the contributions
R15: Spreading rumors and false information
R16: Loss of confidence in the service
R17: Loss of credibility of the institution
R18: Forced participation of third parties
R21: Violation of protection rights of personal data
R22: Infringement of intellectual property rights of third persons
R23: Impersonation
R24: Violation of the protection rights of minors
R25: Fraud
R26: Deception or phishing
27. Dangers
R31: SPAM or unsolicited massive messages
R32: Sabotage: malware, virus, trojans, spyware,...
R33: Massive subscription
R34: Massive theft of personal data
R35: Accessibility problems
R41: Low participation
R42: Massive use of the service (“die of success”)
R43: Biased participation or restricted to a part of the population
R44: Emergence of power groups
R51: Inappropriate use in external information services
28. Consequences
Legal: Legal action that could be taken against the organization due to contents published by third persons
Media or Image-related: Potential impact on the media of the contents published in the collaborative services
Economical: Financial or monetary consequences that may affect the organization
Technical: Potential problems of a technical nature that, involuntarily or on purpose, may be caused by other people with their participation
Social: Related to the inherent quality of the service for users
30. Proactive or preventive measures
Definition and information of the conditions of use of the services
Information and appropriate management of personal data
Terms of licensing of the information and published contents
Adequate information to the users of the services
Training the staff of the organization
Collaboration with copyright management organizations
Limiting the involvement of minors
Moderation prior to publication of contents provided by third parties
Automatic filtering based on the format or the content
Use of captchas (semantic or accessible)
Identification and authentication of participants
Restrictions on access to the contents or to participation
Dynamization and motivation from within the community
Proper planning of the starting up of the services
31. Reactive or corrective measures
Removal or modification of already published content
Direct participation in the service by the organization
Collective moderation by the community itself
Canceling of user accounts
Denial of access to a service
Definition of contingency plans
Notification or formal complaints to competent authorities
32. Supervision or monitoring
Active surveillance of published contents by the organization
Warning system to allow the community itself to alert of problems
Availability of an email account for personalized alerts
Active surveillance of impact and contents reuse in external services
Automated mechanisms for review of the published contents
34. Example: Illegal Contents
Initial Probability (danger): High
Initial Consequences (damage): Harmful
Initial Risk: Important

Measures Taken                                       Probability   Consequences
Identification and authentication of participants    ↓             =
Moderation based on user's reputation                ↓             =
Automatic filtering of contents                      ↓             =
Removal of the message                               =             ↓
Warnings from other users                            =             ↓

Final Probability (danger): Medium
Final Consequences (damage): Mild
Final Risk: Moderate
35. Example: SPAM
Initial Probability (danger): High
Initial Impact (damage): Mild
Initial Risk: Moderate

Measures Taken                                       Probability   Consequences
Identification and authentication of participants    ↓             =
Moderation based on user's reputation                ↓             =
Automatic anti-SPAM filtering                        ↓↓            =
Removal of the message                               =             ↓
Warnings from other users                            =             ↓

Final Probability (danger): Low
Final Impact (damage): Mild
Final Risk: Trivial
36. Example: Low Participation
Initial Probability (danger): High
Initial Consequences (damage): Mild
Initial Risk: Moderate

Measures Taken                                       Probability   Consequences
Identification and authentication of participants    ↑             =
Moderation based on user's reputation                ↑             =
Motivate users for participation                     ↓             =
Provide interesting contents from the organization   ↓             =
Publicize the list                                   ↓             =

Final Probability (danger): Medium
Final Consequences (damage): Mild
Final Risk: Tolerable
38. Authors
Promoted and developed by:
− Gobierno del Principado de Asturias - http://www.asturias.es
− CTIC Centro Tecnológico - http://www.fundacionctic.org
Members of the Working Group, in Alphabetical Order:
− Eloy Braña Gundin (Principado de Asturias)
− Chus García (Fundación CTIC)
− Marc Garriga (Ayuntamiento de Barcelona)
− Raquel Gisbert (Ayuntamiento de Barcelona)
− Mª Carmen Herrera (Principado de Asturias)
− Dolors Pou (Xperience Consulting)
− Andrés Ramos Gil de la Haza (Bardají & Honrado Abogados)
− José Luis Rodríguez (Principado de Asturias)
− Miriam Ruiz González (Fundación CTIC)
39. License
All the contents included in this work belong to Fundación CTIC and are
protected by the intellectual and industrial property rights granted by law.
Their use, reproduction, distribution, public communication, availability,
processing or any other similar or analogous activity is totally prohibited,
except in the cases that are explicitly allowed by the license under which
it is published. Fundación CTIC reserves the right to pursue legal action
as appropriate against those who violate or infringe their intellectual
property and / or industrial rights.
This work is published under a Creative Commons license Attribution-ShareAlike 3.0 (CC-by-sa 3.0).
To read the text of this license, visit http://creativecommons.org/licenses/by-sa/3.0/