Contributors: (ordered alphabetically) Axel Polleres (Vienna University of Economics and Business), Beatriz Esteves (IDLab, IMEC, Ghent University), Daniel Doherty (Trinity College Dublin), Delaram Golpayegani (ADAPT Centre, Trinity College Dublin), Fajar Ekaputra (Vienna University of Technology), Georg P. Krog (Signatu AS), Harshvardhan J. Pandit (ADAPT Centre, Dublin City University), Julian Flake (University of Koblenz), Julio Fernandez (Dublin City University), Rob Brennan (University College Dublin). NOTE: The affiliations are informative, do not represent formal endorsements, and may be outdated as this list is generated automatically from existing data.

The RISK extension to [[[DPV]]] provides concepts for representing information associated with risk management, assessment, controls, and consequences. The namespace for terms in risk is https://www.w3id.org/dpv/risk#. The suggested prefix for the namespace is risk. The risk vocabulary and its documentation is available on GitHub.

DPV v2.1-RC feedback/review period until FEB-16 The DPVCG welcomes feedback and review on the v2.1 Release Candidate containing DPV and related specifications until FEB-16, after which, these documents will be published unless unresolved major issues have been identified. Feedback/review can be e.g., suggestions for improvements, fixing grammar/typos, additional information and references, and technical changes to files. The DPVCG shall discuss all submitted feedback and will resolve in through the weekly meetings. See the changelog for changes.

DPV Specifications: The [[DPV]] is the core specification within the DPV family, with the following extensions: Personal Data [[PD]], Locations [[LOC]], Risk Management [[RISK]], Technology [[TECH]] and [[AI]], [[JUSTIFICATIONS]], [[SECTOR]] specific extensions, and [[LEGAL]] extensions modelling specific jurisdictions and regulations. A [[PRIMER]] introduces the concepts and modelling of DPV specifications, and [[GUIDES]] describe application of DPV for specific applications and use-cases. The Search Index page provides a searchable hierarchy of all concepts. The Data Privacy Vocabularies and Controls Community Group (DPVCG) develops and manages these specifications through GitHub. For meetings, see the DPVCG calendar.

To cite and understand the structure of DPV, the article "Data Privacy Vocabulary (DPV) - Version 2.0" (2024) describes the current state of DPV and extensions from version 2.0 onwards (open access version here). The earlier article "Creating A Vocabulary for Data Privacy" (2019) describes how the DPV was developed (open access versions here, here, and here).

Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.

Introduction

The [[[DPV]]] specification provides a minimal set of risk assessment concepts which enable simple representations of risks and impacts, and associating them with other concepts. To further assist tasks and representation of information regarding risk assessments, as well as to support the implementation of risk management, the [[RISK]] extension provide additional concepts and taxonomies through which risks and impacts can be defined - such as to describe incidents, data breaches, their associate reports and notices, risk matrices, and other risk management processes.

The RISK extension utilises the following sources to guide and define its concepts and taxonomies:

  1. ISO 31000 series, which includes:
    1. ISO 31073:2022 Risk management — Vocabulary
    2. ISO 31000:2018 Risk management — Guidelines
    3. IEC 31010:2019 Risk management – Risk assessment techniques
  2. Requirements from regulations to perform risk and impact assessments, which includes:
    1. [[[GDPR]]]
    2. [[[NIS2]]]
    3. [[[AIAct]]]
Overview of Risk Assessment and Management concepts in DPV and RISK extension

The RISK extension relies on the following concepts defined in the [[DPV]]:

This extension adds additional concepts related to Risk Management, including Risk Assessment, Incident Management, and Taxonomies for risks and impacts - including rights.

Risk Management

The RISK extension utilises the ISO 31000 series of standards for risk management to define and provide relevant concepts. In this, it considers the use and interpretation of these concepts within organisational as well as legal processes, and provides a framework through which the risk management information can be expressed in a consistent manner. The concept [=RiskManagement=] represents the process of risk management, and which can be associated with a context using the relation [=hasRiskManagement=]. Specific aspects of risk management are expressed through the following concepts and relations:

  1. Context establishment, which includes determination of scope and characteristics to define [=RiskPerception=] and [=RiskCriteria=], which are associated using the relations [=hasRiskPerception=] and [=hasRiskCriteria=] respectively.
  2. Carrying out a [=RiskAssessment=], which is associated using the relation [=hasRiskAssessment=], and further includes:
    1. [=RiskIdentification=] which is associated using the relation [=hasRiskIdentification=], and which identifies Risk based on an analysis of the following:
      1. [=RiskSource=], associated using [=hasRiskSource=] relation;
      2. [=Threat=], which is associated with a context using [=causedByThreat=], and [=ThreatSource=] associated with a [=Threat=] using [=hasThreatSource=];
      3. [=Vulnerability=], which is indicated as being applicable in a context through [=hasVulnerability=], and being the cause of a context through [=causedByVulnerability=]. It is indicated to be exploited by a [=Threat=] using [=exploitsVulnerability=], and conversely by [=isExploitedBy=].
    2. [=RiskAnalysis=], associated using [=hasRiskAnalysis=], where each risk is analysed for:
      1. Determining Likelihood ;
      2. Determining Severity based on Consequence and Impact ;
      3. Determining RiskLevel based on likelihood and severity, such as through a [=RiskMatrix=].
    3. [=RiskEvaluation=], associated using [=hasRiskEvaluation=], to determine acceptance and tolerance of identified risks
  3. [=RiskTreatment=] where identifies risks are treated with [=RiskControl=], and which is associated using [=hasRiskTreatment=].
  4. Orthogonal to these are organisational processes (which are part of OrganisationalMeasure taxonomy), and include assigning a [=RiskOwner=] (associated using [=hasRiskOwner=]) for accountability and management. Further organisational concepts can be expanded here in future iterations, such as to represent communication, consultation, monitoring and reviewing processes.

Risk Assessment

The process of 'Risk Assessment' involves risk identification, analysis, and evaluation, through which information is identified and recorded regarding applicable risks. While the [[DPV]] specification already provides sufficient concepts to express relevant information, it does not contain practical concepts to represent commonly used information - such as quantified values used in risk analysis. The RISK extension therefore provides such values for risk assessments. The below example outlines how this is useful to represent information.

Risk Analysis - Likelihood

To express likelihoods, the RISK extension provides the following groups of concepts. Each concept is associated with a suggested value to represent the extent or degree of the concept between 0..1 using rdf:value e.g. [=ExtremelyLowRisk=] has a value of 0.01 and [=HighLikelihood=] has a value of 0.75. Each group uses these values to express a range within a group e.g. in [=3LikelihoodLevels=] the [=LowLikelihood=] (0.25) covers the range 0 to 0.25, while in [=7LikelihoodLevels=] it covers the range from 0.1 ([=VeryLowLikelihood=]) to 0.25. Adopters can thus choose the appropriate ranges, and as the values are suggestions - they can be changed to match the requirements of the use-case.

Risk Analysis - Severity

To express severity in a convenient manner, the RISK extension provides the following groups of concepts, where each concept is also associated with a suggested value similar to likelihood to represent the extent or degree of the concept between 0..1 using rdf:value

Risk Analysis - Risk Level

To express risk levels in a convenient manner, the RISK extension provides the following groups of concepts where each concept is associated with a suggested value to represent the extent or degree of the concept between 0..1 using rdf:value similar to likelihood and severity concepts.

Risk Matrix

Risk Matrix is a popularly used technique for qualitative risk analysis, through which a risk's likelihood and severity are used to obtain an overall risk level. To support its use, the RISK taxonomy provides concepts representing risk matrices of the format 3x3, 5x5, and 7x7. The concepts are expressed as combinations of Severity (Sx) and Likelihood (Lx) levels, and the resulting Risk Level (Lx) being used as its label. For example, the concept [=RM3x3S1L3=] represents a node in a 3x3 matrix with Severity and Likelihood level low (n=1) and Likelihood level high (n=3) with a resulting Risk Level of 'Moderate'. Similarly, [=RM7x7S4L7=] represents a node in a 7x7 risk matrix with Severity level moderate (n=4) and Likelihood level extremely high (n=7) with the resulting Risk Level of 'Very High Risk'.

It is possible to change the risk levels for the risk matrix by replacing the supplied labels with a custom one. For example, to indicate that the concept [=RM3x3S1L3=] should be 'Low Risk' instead of 'Moderate'. Ideally, this should be done by extending the relevant concepts to indicate a custom / use-case specific enumeration of risk levels and scores. The below table showcases the risk matrix collections provided in the RISK extension. The concepts in each cell can be clicked on for the full definition table. The colours are indicative and are not part of the vocabulary.

Risk Matrix 3x3

Likelihood ↓ Severity → Low Moderate High
High [=RM3x3S1L3=] [=RM3x3S2L3=] [=RM3x3S3L3=]
Moderate [=RM3x3S1L2=] [=RM3x3S2L2=] [=RM3x3S3L2=]
Low [=RM3x3S1L1=] [=RM3x3S2L1=] [=RM3x3S3L1=]

Risk Matrix 5x5

Likelihood ↓ Severity → Very Low Low Moderate High Very High
Very High [=RM5x5S1L5=] [=RM5x5S2L5=] [=RM5x5S3L5=] [=RM5x5S4L5=] [=RM5x5S5L5=]
High [=RM5x5S1L4=] [=RM5x5S2L4=] [=RM5x5S3L4=] [=RM5x5S4L4=] [=RM5x5S5L4=]
Moderate [=RM5x5S1L3=] [=RM5x5S2L3=] [=RM5x5S3L3=] [=RM5x5S4L3=] [=RM5x5S5L3=]
Low [=RM5x5S1L2=] [=RM5x5S2L2=] [=RM5x5S3L2=] [=RM5x5S4L2=] [=RM5x5S5L2=]
Very Low [=RM5x5S1L1=] [=RM5x5S2L1=] [=RM5x5S3L1=] [=RM5x5S4L1=] [=RM5x5S5L1=]

Risk Matrix 7x7

Likelihood ↓ Severity → Extremely Low Very Low Low Moderate High Very High Extremely High
Extremely High [=RM7x7S1L7=] [=RM7x7S2L7=] [=RM7x7S3L7=] [=RM7x7S4L7=] [=RM7x7S5L7=] [=RM7x7S6L7=] [=RM7x7S7L7=]
Very High [=RM7x7S1L6=] [=RM7x7S2L6=] [=RM7x7S3L6=] [=RM7x7S4L6=] [=RM7x7S5L6=] [=RM7x7S6L6=] [=RM7x7S7L6=]
High [=RM7x7S1L5=] [=RM7x7S2L5=] [=RM7x7S3L5=] [=RM7x7S4L5=] [=RM7x7S5L5=] [=RM7x7S6L5=] [=RM7x7S7L5=]
Moderate [=RM7x7S1L4=] [=RM7x7S2L4=] [=RM7x7S3L4=] [=RM7x7S4L4=] [=RM7x7S5L4=] [=RM7x7S6L4=] [=RM7x7S7L4=]
Low [=RM7x7S1L3=] [=RM7x7S2L3=] [=RM7x7S3L3=] [=RM7x7S4L3=] [=RM7x7S5L3=] [=RM7x7S6L3=] [=RM7x7S7L3=]
Very Low [=RM7x7S1L2=] [=RM7x7S2L2=] [=RM7x7S3L2=] [=RM7x7S4L2=] [=RM7x7S5L2=] [=RM7x7S6L2=] [=RM7x7S7L2=]
Extremely Low [=RM7x7S1L1=] [=RM7x7S2L1=] [=RM7x7S3L1=] [=RM7x7S4L1=] [=RM7x7S5L1=] [=RM7x7S6L1=] [=RM7x7S7L1=]

Incident

The concept [=Incident=] represents an event or 'incident' that has occurred, as compared to 'risk' which is a theoretical occurrence of an event. To represent specifics about an [=Incident=] such as what personal data was involved, what technical measures were present before the incident occurred, who were humans or data subjects involved, and other pertinent details - the [[DPV]] concepts and relations should be reused.

The RISK extension provides a taxonomy of incident types based on security and legal assessment needs. For example, the [=ConfidentialityIncident=] concept represents an incident affecting the 'confidentiality' dimension in the commonly utilised 'CIA' assessment model. Similarly, [=CrossBorderIncident=] represents an incident that affects multiple jurisdictions i.e. the incident 'crosses borders' - such as because there are multiple storage locations being present across jurisdictions, or because the effected entities are across jurisdictions. The concepts [=DeliberateIncident=] and [=AccidentalIncident=] model the 'intent' behind an incident, which is essential to categorise the continued threat assessment for the incident.

Incident Metadata

To indicate the duration of the incident, the [[DPV]] concept dpv:Duration and relation dpv:hasRelation can be used, or dct:temporal from [[DCT]] can be used, or other means such as the [[TIME]] ontology or XSD types. If this information is unknown, then dpv:NotAvailable should be used. If the incident is ongoing, only the start would be available and represented within the period or duration information. The taxonomy of statuses for [=IncidentStatus=] is provided to indicate whether the incident is ongoing or concluded (on its own) or it was terminated due to some action taken), which is indicated in context using the relation dpv:hasStatus.

[=IncidentIdentifier=] represents an identifier associated with an incident. This concept assists in specifying identifiers that may be assigned by the directly affected entity, or to share identifiers for tracking the same incident amongst entities, or to share an identifiers as a common reference when reporting an incident to authorities.

[=IncidentImpactAssessment=] represents an impact assessment conducted specifically for the incident. It can be associated in contexts, such as for an [=IncidentReport=] by using the relation hasAssessment and hasImpactAssessment .

An [=IncidentMitigationMeasure=] is a 'mitigation measure' taken specifically in relation to an incident - such as to reduce the effects or to inform affected stakeholders. The use of 'mitigation' here is from the legal terminology, and includes a broad range of options available under the typical risk management vocabulary such as eliminating, detecting, modifying, and so on. The relation isMitigatedByMeasure can be useful to associate the measure with an incident.

[=IncidentNotice=] is a notice specifically about an incident, such as for providing information to stakeholders, or to report the incident to authorities. It can be associated in context using hasNotice . Note that extensions modelling legal requirements such as [[EU-GDPR]] and [[EU-NIS2]] will provide specific concepts that extend this notice concept corresponding to obligations around reporting.

[=IncidentRegister=] is a record of incidents (including near-misses and other relevant statuses). It can be associated in context using hasRecordOfActivity , and also through hasOrganisationalMeasure .

Further metadata about incidents can be modelled through the [[DCTERMS]] vocabulary. The DPVCG also welcomes participation and contributions to expand this incident related vocabulary in the RISK extension.

Incident Status

[=IncidentStatus=] refers to the status of the incident itself, and [=IncidentInvestigationStatus=] refers to the status of the investigation associated with an incident. Such investigations are obligations under specific legal requirements, such as for data breaches under GDPR, and security incidents under NIS2. These laws require notifying relevant authorities regarding an incident within specific time frames varying from initial preliminary notifications of an incident occurring, to later notifications with a full report when the incident handling has been completed.

  • risk:IncidentInvestigationStatus: Status associated with investigation of an incident go to full definition
    • risk:IncidentInvestigationCompleted: Status indicating the investigation has been completed and findings are available go to full definition
    • risk:IncidentInvestigationNotStarted: Status indicating the investigation has not yet been started go to full definition
    • risk:IncidentInvestigationOngoing: Status indicating the investigation is ongoing go to full definition
    • risk:IncidentInvestigationPreliminary: Status indicating the investigation is at a preliminary stage with limited findings go to full definition
  • risk:IncidentStatus: Status associated with an incident go to full definition
    • risk:IncidentConcluded: The incident has stopped or finished or concluded without any active mitigation and with a low likelihood of resuming or recurring go to full definition
    • risk:IncidentHalted: The incident has halted or paused with a high likelihood of resuming or recurring go to full definition
    • risk:IncidentMitigated: The incident has been mitigated against future recurrences i.e. a measure has been applied to prevent the same or similar incident from recurring go to full definition
    • risk:IncidentNearMiss: The state where an incident was almost successful in taking place i.e. "it came very close" go to full definition
    • risk:IncidentOngoing: The incident is ongoing i.e. still active go to full definition
    • risk:IncidentStatusUnknown: The status of a incident is unknown go to full definition
    • risk:IncidentSuspected: The state where a incident is suspected, but has not yet been confirmed. This can be due to lack of information, or because the process of detection and investigation is still ongoing go to full definition
    • risk:IncidentTerminated: The incident has been stopped or terminated through the use of a mitigation or deterrent measure with a low likelihood of resuming or recurring go to full definition

Incident Report

An [=IncidentReport=] represents a report regarding an incident with the goal of documenting information about an incident found through investigations - such as when it occurred, its scope, effects, sources, as well as information about the investigations itself. The RISK extension defines specific categories of reports to support legal reporting obligations, such as [=IncidentDetectionReport=] for reporting when an incident has been detected, or [=IncidentPreliminaryReport=] for a preliminary (early) report when the incident and/or its investigation is still ongoing and the complete details may not be available.

As [=IncidentReport=] as defined as a kind of OrganisationalMeasure , they can be associated or involved in context through the relations hasOrganisationalMeasure for a broad reference to reporting as a measure, and hasRecordOfActivity to specifically assert the report as a record of the investigation process.

  • risk:IncidentAssessmentReport: A report describing the assessment of an incident in terms of its effects or impacts go to full definition
  • risk:IncidentConcludingReport: A report describing the conclusion of an investigation regarding a Incident where all relevant facts are known go to full definition
  • risk:IncidentDetectionReport: A report describing the detection of a Incident go to full definition
  • risk:IncidentHandlingReport: A report describing the response to or handling of an incident regarding the mitigation of its effects and the prevention of its recurrence go to full definition
  • risk:IncidentOngoingReport: A report describing on ongoing investigation regarding a Incident where facts and extent of the investigation are being investigated go to full definition
  • risk:IncidentPreliminaryReport: A report describing the preliminary investigation regarding a Incident where the complete facts or extent of the incident may not be known go to full definition
  • risk:IncidentSuspectedReport: A report describing the suspicion of an incident in the past or occuring go to full definition

Risk Controls

A [=RiskControl=] allows for modifying the risk (event) through various means with the aim of managing it. It is associated using the relation [=hasControl=]. The RISK extension provides a taxonomy of controls based on their use before the event ([=ProactiveControl=]) or in response to an event ([=ReactiveControl=]). The taxonomy also features control categorised based on the type of risk concept as - [=SourceControl=] for risk sources, [=ConsequenceControl=] for consequences, and [=ImpactControl=] for impacts.

The below table shows the controls provided in this extension. The generic relation [=controls=] specifies which risk concept the control addresses. It is specialised into the following relations for use with specific controls: [=contains=], [=detects=], [=eliminates=], [=identifies=], [=interrupts=], [=intervenes=], [=investigates=], [=logs=], [=mitigates=], [=modifies=], [=monitors=], [=overrides=], [=recovers=], [=reduces=], [=remedies=], [=resolves=], [=reverses=], [=shares=], [=substitutes=], and [=transfers=].

Risk/Impact Taxonomies

The RISK extension provides a single unified taxonomy of concepts which can be used as risk sources, risks, consequences, or impacts - as required in specific contexts and use-cases. The underlying model which permits this flexibility and allows creation of thesauri and catalogues for providing curated collections of concepts in use-cases is described in the Conceptual Model section.

The taxonomy consists of concepts which are annotated as being capable of or having the potential to be with specific roles and categorisations based on the conceptual model. These are described in sections as:

An overview table shows each concept along with its categorisation in a convenient manner. There is also a dedicated section provide details on modelling rights impacts based on the provided taxonomy.

Conceptual Model

The RISK extension provides a taxonomy of concepts such as [=HumanErrors=], [=Damage=], and [=Harm=] that represent 'events' that can used in specific roles within the use-case. For example, [=HumanErrors=] can be a 'source of risk' where a software developer introduces a bug/error in the code; a 'risk' where the software user accidentally deletes critical data while using the software - where the source is poorly designed UI/UX; and a 'consequence' where the developer accidentally uses the incorrect backup when recovering from a data breach - where the risk is the data breach and the source is insecure system settings. This example highlights that 'roles' such as risk source, risk, consequence, and impacts are contextual assertions, and that the same 'event' or 'concept' can take on different roles in different settings.

The taxonomy provided in RISK is intended to support such broad use of concepts for taking on different roles as needed within the context. This is particularly valuable as the areas of cybersecurity and AI technologies are rapidly evolving landscapes where new risks and consequences frequently emerge, and depending on the perspective the same concept can act as a consequence (e.g. early in development stages) or be the source of risks (e.g. later in deployment stages). Further, the RISK extension also aims to support the creation of 'thesauri' or 'catalogues' of concepts - such as a 'risk catalogue', which provides a curated list of concepts that stakeholders can use in their respective contexts.

To enable such varied uses of the taxonomy, the RISK extension uses 'meta concepts' called [=PotentialRisk=], [=PotentialRiskSource=], [=PotentialConsequence=], and [=PotentialImpact=] that represent the potential roles that a concept can take within a context. A concept expressed as [=PotentialRisk=] and [=PotentialConsequence=] means that the concept can potentially act as a risk or a consequence based on common uses of that concept, but it does not mean that the concept is always a risk or a consequence. The person or system that is identifying risks and consequences can then refer to this categorisation as a hint for what concepts could be applicable in their use-case rather than having to go through the entire taxonomy.

The concepts such as [=PotentialRisk=] are also helpful to curate thesauri and catalogues. For example, when creating a risk catalogue associated with testing phase of software development, we can express the source of risks (as [=PotentialRiskSource=]) and then provide these to the developers and testers to assess for a particular software iteration, and record which risks are applicable (as Risk ). Similarly, if the organisation wants to create two catalogues of common software risks and user risks, it can extend [=PotentialRisk=] as PotentialSoftwareRisks for potential risks that may occur in software and PotentialUserRisks which may occur due to users, then annotate the RISK taxonomy using these, and provide it as inputs to consider in the risk assessment process.

To further support the utility of the taxonomy, where possible, concepts are also categorised based on the commonly utilised 'CIA triad model' in information security, where 'CIA' stands for 'Confidentiality', 'Integrity', and 'Availability'. These are represented by the specific concept being declared as an instance of [=ConfidentialityConcept=], [=IntegrityConcept=], and [=AvailabilityConcept=] respectively.

Potential Risk Sources

A [=PotentialRiskSource=] represents a concept which can be a risk source or act like a risk source in specific concepts. The concept can also be used to create domain or sector or use-case specific groupings of concepts which can act as risk sources in context. Concepts which can act as a potential risk source are defined as an instance of [=PotentialRiskSource=].

  • risk:LegalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are legal in nature or relate to a legal system or process go to full definition
    • risk:LegalComplianceRisk: Risks and consequences regarding legal compliance and its violation go to full definition
    • risk:PolicyRisk: Risks and consequences regarding policy and its associated processes go to full definition
  • risk:OrganisationalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are organisational in nature or relate to an organisational process go to full definition
    • risk:OrganisationalManagementRisk: Concept representing issues and risks associated with the management of operations and resources by the organisation go to full definition
      • risk:HumanOversightIneffective: Concept representing cases where human oversight is ineffective for the intended effect, such as for when human can observe a problem but cannot do anything about it go to full definition
      • risk:HumanOversightInsufficient: Concept representing cases where human oversight is insufficient for the intended effect, such as not being capable of identifying a problem go to full definition
      • risk:InstructionsIncorrect: Concept representing cases where instructions are incorrect for achieving the intended effect go to full definition
      • risk:InstructionsInsufficient: Concept representing cases where instructions are not sufficient for the intended effect go to full definition
      • risk:LackOfSystemTransparency: Concept representing lack of transpareny to humans related to the operation of a system go to full definition
      • risk:StaffIncompetence: Concept representing incompetence of staff go to full definition
      • risk:TechnologyOverreliance: Concept representing the case where an entity, including individuals, have an overreliance on the use of technology go to full definition
    • risk:UserRisks: Concepts associated with risks that arise due to User or Human use go to full definition
      • risk:ErroneousUse: Concept representing erroneous use (of something) go to full definition
      • risk:HumanErrors: Concept representing activities that are errors caused by humans without intention and which was not caused by following rules or policies or instructions that were not from the person go to full definition
      • risk:Misuse: Concept representing a misuse (of something) go to full definition
  • risk:SocietalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are societal in nature or relate to a social setting or process go to full definition
  • risk:TechnicalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are technical in nature or relate to a technical or technological process go to full definition
    • risk:Bias: Bias is defined as the systematic difference in treatment of certain objects, people, or groups in comparison to others go to full definition
      • risk:CognitiveBias: Bias that occurs when humans are processing and interpreting information go to full definition
        • risk:ConfirmationBias: Bias that occurs when hypotheses, regardless of their veracity, are more likely to be confirmed by the intentional or unintentional interpretation of information go to full definition
        • risk:GroupAttributionBias: Bias that occurs when a human assumes that what is true for an individual or object is also true for everyone, or all objects, in that group go to full definition
        • risk:ImplicitBias: Bias that occurs when a human makes an association or assumption based on their mental models and memories go to full definition
        • risk:InGroupBias: Bias that occurs when showing partiality to one's own group or own characteristics go to full definition
        • risk:OutGroupHomogeneityBias: Bias that occurs when seeing out-group members as more alike than in-group members when comparing attitudes, values, personality traits, and other characteristics go to full definition
        • risk:RequirementsBias: Bias that occurs in or during requirements creation go to full definition
        • risk:RuleBasedSystemDesign: Bias that occurs due to developer experience and expert advice having a significant influence on rule-based system design go to full definition
        • risk:SocietalBias: Bias that occurs when similiar cognitive bias (conscious or unconscious) is being held by many individuals in society go to full definition
      • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
        • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
        • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
        • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
        • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
        • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
          • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
          • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
          • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
            • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
            • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
            • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
    • risk:DataRisk: Risks and risk concepts related to data go to full definition
      • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
        • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
        • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
        • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
        • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
        • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
          • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
          • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
          • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
            • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
            • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
            • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
      • risk:DataInaccurate: Concept representing data being inaccurate go to full definition
      • risk:DataIncomplete: Concept representing data being incomplete go to full definition
      • risk:DataInconsistent: Concept representing data being inconsistent go to full definition
      • risk:DataMisclassified: Concept representing data being misclassified go to full definition
      • risk:DataMisinterpretation: Concept representing data being misinterpretation go to full definition
      • risk:DataNoise: Concept representing data being noise go to full definition
      • risk:DataOutdated: Concept representing data being outdated go to full definition
      • risk:DataProcessingError: Concept representing operational error in the processing of data go to full definition
      • risk:DataSparse: Concept representing data being sparse go to full definition
      • risk:DataUnavailable: Concept representing data being unavailable go to full definition
      • risk:DataUnrepresentative: Concept representing data being unrepresentative go to full definition
      • risk:DataUnstructured: Concept representing data being unstructured go to full definition
      • risk:DataUnverified: Concept representing data being unverified go to full definition
    • risk:ExternalSecurityThreat: Concepts associated with security threats that are likely to originate externally go to full definition
    • risk:OperationalSecurityRisk: Risks and issues that arise during operational processes go to full definition
      • risk:AuthorisationFailure: Concept representing Authorisation Failure go to full definition
      • risk:ComponentFailure: Concept representing Component Failure go to full definition
      • risk:ComponentMalfunction: Concept representing Component Malfunction go to full definition
      • risk:DataCorruption: Concept representing Corruption of Data go to full definition
      • risk:EquipmentFailure: Concept representing Equipment Failure go to full definition
      • risk:EquipmentMalfunction: Concept representing Equipment Malfunction go to full definition
      • risk:QualityRisk: Concept representing risks and issues associated with quality of tasks, resources, processes go to full definition
        • risk:AccuracyRisk: Concepts representing risks and issues where Accuracy is Risk go to full definition
          • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
          • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
          • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
          • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
          • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
        • risk:QualityDegraded: Concepts representing risks and issues where Quality is Degraded go to full definition
          • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
          • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
          • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
        • risk:QualityInconsistent: Concepts representing risks and issues where Quality is Inconsistent go to full definition
          • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
          • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
          • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
        • risk:QualityInsufficient: Concepts representing risks and issues where Quality is Insufficient go to full definition
          • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
          • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
          • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
        • risk:QualityUnknown: Concepts representing risks and issues where Quality is Unknown go to full definition
          • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
          • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
          • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
        • risk:QualityUnverified: Concepts representing risks and issues where Quality is Unverified go to full definition
          • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
          • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
          • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
        • risk:RobustnessRisk: Concepts representing risks and issues where Robustness is Risk go to full definition
          • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
          • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
          • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
          • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
          • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
        • risk:SecurityQualityRisk: Concepts representing risks and issues where Quality of Security is Risk go to full definition
          • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
          • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
          • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
          • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
          • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
      • risk:Reidentification: Concept representing Re-identification go to full definition
      • risk:SecurityBreach: Concept representing Security Breach go to full definition
      • risk:SystemFailure: Concept representing System Failure go to full definition
      • risk:SystemMalfunction: Concept representing System Malfunction go to full definition
      • risk:TaskExecutionRisk: Concept representing risks and issues associated with execution of tasks, operations, activities, and other similar processes go to full definition
        • risk:TaskExecutionIncorrect: Concept representing incorrect execution of task(s) go to full definition
        • risk:TaskOmmitted: Concept representing omission of task(s) go to full definition
        • risk:TaskTimingIncorrect: Concept representing incorrect timing for task(s) i.e. the task execution does not occur at the correct time go to full definition

Potential Risks

A [=PotentialRisk=] represents a concept which can be a risk or act like a risk in specific concepts. The concept can also be used to create domain or sector or use-case specific groupings of concepts which can act as risks in context. Concepts which can act as a potential risks are defined as an instance of [=PotentialRisk=].

  • risk:LegalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are legal in nature or relate to a legal system or process go to full definition
  • risk:OrganisationalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are organisational in nature or relate to an organisational process go to full definition
    • risk:FinancialImpact: Things that cause or have the potential to impact financial resources go to full definition
      • risk:FinancialLoss: Concept representing Financial Loss which may be actual loss of existing financial assets or hypothetical loss of financial opportunity go to full definition
        • risk:JudicialCosts: Something that involves or causes judicial costs to be paid go to full definition
        • risk:JudicialPenalty: Something that involves or causes judicial penalties to be paid go to full definition
      • risk:Renumeration: Something that acts as or provides renumeration which is in monetary or financial form go to full definition
        • risk:Compensation: Something that acts as or provides compensation - which can be monetary and financial or in other forms go to full definition
        • risk:Payment: Something that acts as or provides payment e.g. to access a service or purchase resources go to full definition
        • risk:Reward: Something that acts as or provides rewards i.e. a benefit given for some service or activity that is not a payment or fee go to full definition
    • risk:OrganisationalManagementRisk: Concept representing issues and risks associated with the management of operations and resources by the organisation go to full definition
      • risk:HumanOversightIneffective: Concept representing cases where human oversight is ineffective for the intended effect, such as for when human can observe a problem but cannot do anything about it go to full definition
      • risk:HumanOversightInsufficient: Concept representing cases where human oversight is insufficient for the intended effect, such as not being capable of identifying a problem go to full definition
      • risk:InstructionsIncorrect: Concept representing cases where instructions are incorrect for achieving the intended effect go to full definition
      • risk:InstructionsInsufficient: Concept representing cases where instructions are not sufficient for the intended effect go to full definition
      • risk:LackOfSystemTransparency: Concept representing lack of transpareny to humans related to the operation of a system go to full definition
      • risk:StaffIncompetence: Concept representing incompetence of staff go to full definition
      • risk:TechnologyOverreliance: Concept representing the case where an entity, including individuals, have an overreliance on the use of technology go to full definition
    • risk:ReputationalRisk: Risks and issues that affect the reputation of the organisation go to full definition
    • risk:ServiceRelatedConsequence: A consequence related to the provision of a service go to full definition
    • risk:UserRisks: Concepts associated with risks that arise due to User or Human use go to full definition
      • risk:ErroneousUse: Concept representing erroneous use (of something) go to full definition
      • risk:HumanErrors: Concept representing activities that are errors caused by humans without intention and which was not caused by following rules or policies or instructions that were not from the person go to full definition
      • risk:Misuse: Concept representing a misuse (of something) go to full definition
  • risk:SocietalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are societal in nature or relate to a social setting or process go to full definition
    • risk:Discrimination: Discrimination is the treatment of a person or particular group of people differently, in a way that is worse than the way people are usually treate go to full definition
      • risk:AgeDiscrimination: Discrimination based on a person's age, often impacting older or younger individuals go to full definition
      • risk:BelievesDiscrimination: Discrimination based on a person's beliefs or practices go to full definition
      • risk:CasteDiscrimination: Discrimination based on a person's caste, a form of social stratification found in some cultures go to full definition
      • risk:DirectDiscrimination: Occurs when a person is treated less favorably than another in a comparable situation based on a protected characteristic (e.g., race, sex, disability) go to full definition
      • risk:DisabilityDiscrimination: Discrimination against individuals based on physical or mental disabilities go to full definition
      • risk:ExcellenceDiscrimination: Favoritism towards individuals deemed more competent or superior, often at the expense of others go to full definition
      • risk:GeographicDiscrimination: Discrimination based on a person's geographical origin or residence go to full definition
      • risk:IndirectDiscrimination: Occurs when an apparently neutral provision, criterion, or practice puts individuals of a certain group at a disadvantage compared to others, unless it can be objectively justified go to full definition
      • risk:LanguageDiscrimination: Discrimination based on a person's language, often linked to national origin or ethnicity go to full definition
      • risk:NationalityDiscrimination: Discrimination based on a person's nationality or citizenship go to full definition
      • risk:Racism: Prejudice or discrimination against people based on their race go to full definition
        • risk:EthnicDiscrimination: Discrimination against individuals based on their ethnicity or cultural heritage go to full definition
        • risk:RacialDiscrimination: Discrimination against individuals because of their racial background or skin color go to full definition
      • risk:ReligiousDiscrimination: Discrimination based on a person's relligion or religious beliefs or practices go to full definition
      • risk:ReverseDiscrimination: Discrimination against members of a majority or historically dominant group, often in the context of efforts to promote equality go to full definition
      • risk:Sexism: Discrimination based on a person's sex or gender, typically involving unequal treatment or stereotyping go to full definition
        • risk:GenderDiscrimination: Discrimination based on a person's gender identity or gender expression go to full definition
        • risk:Misandry: Dislike, contempt, or prejudice against men go to full definition
        • risk:Misogyny: Dislike, contempt, or prejudice against women go to full definition
        • risk:SexDiscrimination: Discrimination based on a person's biological sex go to full definition
        • risk:Transphobia: Hostility or prejudice against transgender people or those perceived as not conforming to traditional gender norms go to full definition
      • risk:SexualOrientationDiscrimination: Discrimination based on a person's sexual orientation, typically against those who are not heterosexual go to full definition
        • risk:Homophobia: Hostility or prejudice against individuals who are or are perceived to be homosexual go to full definition
      • risk:WorkplaceDiscrimination: Discrimination occuring at workplace or in the context of work environments go to full definition
    • risk:EnvironmentalRisk: Risks and issues that have their origin in environment or can affect the environment at large go to full definition
      • risk:DisproportionateEnergyConsumption: The occurence or potential occurence of disproportionate energy consumption when considering the value obtained from undertaking the activity and the amount of energy being utilised go to full definition
      • risk:Earthquake: The occurence or potential occurence of earthquakes go to full definition
      • risk:Floods: The occurence or potential occurence of floods go to full definition
    • risk:GroupRisk: Risks and issues that affect or have the potential to affect groups in society go to full definition
    • risk:IndividualRisk: Risks and issues that affect or have the potential to affect specific individuals go to full definition
    • risk:RightsImpact: Concept representing Impact to Rights go to full definition
      • risk:RightsDenied: The refusal or withholding or denial of the existence or applicability of rights go to full definition
      • risk:RightsEroded: The gradual weakening or reduction of the scope and protection of rights go to full definition
      • risk:RightsExercisePrevented: Actions or measures that prevent an individual or group from exercising their legal rights. go to full definition
      • risk:RightsLimited: A limitation or restrictions on the scope or exercise of rights go to full definition
      • risk:RightsObstructed: Interference with or blocking of the exercise of rights go to full definition
      • risk:RightsUnfulfilled: Failure to meet or complete the fulfilment of rights go to full definition
      • risk:RightsViolated: The infringement or breach of rights in a manner that constitutes a 'violation' of those rights go to full definition
  • risk:TechnicalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are technical in nature or relate to a technical or technological process go to full definition
    • risk:Bias: Bias is defined as the systematic difference in treatment of certain objects, people, or groups in comparison to others go to full definition
      • risk:CognitiveBias: Bias that occurs when humans are processing and interpreting information go to full definition
        • risk:ConfirmationBias: Bias that occurs when hypotheses, regardless of their veracity, are more likely to be confirmed by the intentional or unintentional interpretation of information go to full definition
        • risk:GroupAttributionBias: Bias that occurs when a human assumes that what is true for an individual or object is also true for everyone, or all objects, in that group go to full definition
        • risk:ImplicitBias: Bias that occurs when a human makes an association or assumption based on their mental models and memories go to full definition
        • risk:InGroupBias: Bias that occurs when showing partiality to one's own group or own characteristics go to full definition
        • risk:OutGroupHomogeneityBias: Bias that occurs when seeing out-group members as more alike than in-group members when comparing attitudes, values, personality traits, and other characteristics go to full definition
        • risk:RequirementsBias: Bias that occurs in or during requirements creation go to full definition
        • risk:RuleBasedSystemDesign: Bias that occurs due to developer experience and expert advice having a significant influence on rule-based system design go to full definition
        • risk:SocietalBias: Bias that occurs when similiar cognitive bias (conscious or unconscious) is being held by many individuals in society go to full definition
      • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
        • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
        • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
        • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
        • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
        • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
          • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
          • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
          • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
            • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
            • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
            • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
    • risk:DataRisk: Risks and risk concepts related to data go to full definition
      • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
        • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
        • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
        • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
        • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
        • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
          • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
          • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
          • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
            • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
            • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
            • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
      • risk:DataInaccurate: Concept representing data being inaccurate go to full definition
      • risk:DataIncomplete: Concept representing data being incomplete go to full definition
      • risk:DataInconsistent: Concept representing data being inconsistent go to full definition
      • risk:DataMisclassified: Concept representing data being misclassified go to full definition
      • risk:DataMisinterpretation: Concept representing data being misinterpretation go to full definition
      • risk:DataNoise: Concept representing data being noise go to full definition
      • risk:DataOutdated: Concept representing data being outdated go to full definition
      • risk:DataProcessingError: Concept representing operational error in the processing of data go to full definition
      • risk:DataSparse: Concept representing data being sparse go to full definition
      • risk:DataUnavailable: Concept representing data being unavailable go to full definition
      • risk:DataUnrepresentative: Concept representing data being unrepresentative go to full definition
      • risk:DataUnstructured: Concept representing data being unstructured go to full definition
      • risk:DataUnverified: Concept representing data being unverified go to full definition
    • risk:ExternalSecurityThreat: Concepts associated with security threats that are likely to originate externally go to full definition
    • risk:OperationalSecurityRisk: Risks and issues that arise during operational processes go to full definition
      • risk:AuthorisationFailure: Concept representing Authorisation Failure go to full definition
      • risk:ComponentFailure: Concept representing Component Failure go to full definition
      • risk:ComponentMalfunction: Concept representing Component Malfunction go to full definition
      • risk:DataCorruption: Concept representing Corruption of Data go to full definition
      • risk:EquipmentFailure: Concept representing Equipment Failure go to full definition
      • risk:EquipmentMalfunction: Concept representing Equipment Malfunction go to full definition
      • risk:QualityRisk: Concept representing risks and issues associated with quality of tasks, resources, processes go to full definition
        • risk:AccuracyRisk: Concepts representing risks and issues where Accuracy is Risk go to full definition
          • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
          • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
          • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
          • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
          • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
        • risk:QualityDegraded: Concepts representing risks and issues where Quality is Degraded go to full definition
          • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
          • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
          • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
        • risk:QualityInconsistent: Concepts representing risks and issues where Quality is Inconsistent go to full definition
          • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
          • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
          • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
        • risk:QualityInsufficient: Concepts representing risks and issues where Quality is Insufficient go to full definition
          • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
          • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
          • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
        • risk:QualityUnknown: Concepts representing risks and issues where Quality is Unknown go to full definition
          • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
          • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
          • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
        • risk:QualityUnverified: Concepts representing risks and issues where Quality is Unverified go to full definition
          • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
          • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
          • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
        • risk:RobustnessRisk: Concepts representing risks and issues where Robustness is Risk go to full definition
          • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
          • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
          • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
          • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
          • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
        • risk:SecurityQualityRisk: Concepts representing risks and issues where Quality of Security is Risk go to full definition
          • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
          • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
          • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
          • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
          • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
      • risk:Reidentification: Concept representing Re-identification go to full definition
      • risk:SecurityBreach: Concept representing Security Breach go to full definition
      • risk:SystemFailure: Concept representing System Failure go to full definition
      • risk:SystemMalfunction: Concept representing System Malfunction go to full definition
      • risk:TaskExecutionRisk: Concept representing risks and issues associated with execution of tasks, operations, activities, and other similar processes go to full definition
        • risk:TaskExecutionIncorrect: Concept representing incorrect execution of task(s) go to full definition
        • risk:TaskOmmitted: Concept representing omission of task(s) go to full definition
        • risk:TaskTimingIncorrect: Concept representing incorrect timing for task(s) i.e. the task execution does not occur at the correct time go to full definition

Potential Consequences

A [=PotentialConsequence=] represents a concept which can be a consequence or act like a consequence in specific concepts. The concept can also be used to create domain or sector or use-case specific groupings of concepts which can act as consequences in context. Concepts which can act as a potential consequence are defined as an instance of [=PotentialConsequence=].

  • risk:LegalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are legal in nature or relate to a legal system or process go to full definition
  • risk:OrganisationalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are organisational in nature or relate to an organisational process go to full definition
    • risk:FinancialImpact: Things that cause or have the potential to impact financial resources go to full definition
      • risk:FinancialLoss: Concept representing Financial Loss which may be actual loss of existing financial assets or hypothetical loss of financial opportunity go to full definition
        • risk:JudicialCosts: Something that involves or causes judicial costs to be paid go to full definition
        • risk:JudicialPenalty: Something that involves or causes judicial penalties to be paid go to full definition
      • risk:Renumeration: Something that acts as or provides renumeration which is in monetary or financial form go to full definition
        • risk:Compensation: Something that acts as or provides compensation - which can be monetary and financial or in other forms go to full definition
        • risk:Payment: Something that acts as or provides payment e.g. to access a service or purchase resources go to full definition
        • risk:Reward: Something that acts as or provides rewards i.e. a benefit given for some service or activity that is not a payment or fee go to full definition
    • risk:OrganisationalManagementRisk: Concept representing issues and risks associated with the management of operations and resources by the organisation go to full definition
      • risk:HumanOversightIneffective: Concept representing cases where human oversight is ineffective for the intended effect, such as for when human can observe a problem but cannot do anything about it go to full definition
      • risk:HumanOversightInsufficient: Concept representing cases where human oversight is insufficient for the intended effect, such as not being capable of identifying a problem go to full definition
      • risk:InstructionsIncorrect: Concept representing cases where instructions are incorrect for achieving the intended effect go to full definition
      • risk:InstructionsInsufficient: Concept representing cases where instructions are not sufficient for the intended effect go to full definition
      • risk:LackOfSystemTransparency: Concept representing lack of transpareny to humans related to the operation of a system go to full definition
      • risk:StaffIncompetence: Concept representing incompetence of staff go to full definition
      • risk:TechnologyOverreliance: Concept representing the case where an entity, including individuals, have an overreliance on the use of technology go to full definition
    • risk:ReputationalRisk: Risks and issues that affect the reputation of the organisation go to full definition
    • risk:ServiceRelatedConsequence: A consequence related to the provision of a service go to full definition
    • risk:UserRisks: Concepts associated with risks that arise due to User or Human use go to full definition
      • risk:ErroneousUse: Concept representing erroneous use (of something) go to full definition
      • risk:HumanErrors: Concept representing activities that are errors caused by humans without intention and which was not caused by following rules or policies or instructions that were not from the person go to full definition
      • risk:Misuse: Concept representing a misuse (of something) go to full definition
  • risk:SocietalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are societal in nature or relate to a social setting or process go to full definition
    • risk:Discrimination: Discrimination is the treatment of a person or particular group of people differently, in a way that is worse than the way people are usually treate go to full definition
      • risk:AgeDiscrimination: Discrimination based on a person's age, often impacting older or younger individuals go to full definition
      • risk:BelievesDiscrimination: Discrimination based on a person's beliefs or practices go to full definition
      • risk:CasteDiscrimination: Discrimination based on a person's caste, a form of social stratification found in some cultures go to full definition
      • risk:DirectDiscrimination: Occurs when a person is treated less favorably than another in a comparable situation based on a protected characteristic (e.g., race, sex, disability) go to full definition
      • risk:DisabilityDiscrimination: Discrimination against individuals based on physical or mental disabilities go to full definition
      • risk:ExcellenceDiscrimination: Favoritism towards individuals deemed more competent or superior, often at the expense of others go to full definition
      • risk:GeographicDiscrimination: Discrimination based on a person's geographical origin or residence go to full definition
      • risk:IndirectDiscrimination: Occurs when an apparently neutral provision, criterion, or practice puts individuals of a certain group at a disadvantage compared to others, unless it can be objectively justified go to full definition
      • risk:LanguageDiscrimination: Discrimination based on a person's language, often linked to national origin or ethnicity go to full definition
      • risk:NationalityDiscrimination: Discrimination based on a person's nationality or citizenship go to full definition
      • risk:Racism: Prejudice or discrimination against people based on their race go to full definition
        • risk:EthnicDiscrimination: Discrimination against individuals based on their ethnicity or cultural heritage go to full definition
        • risk:RacialDiscrimination: Discrimination against individuals because of their racial background or skin color go to full definition
      • risk:ReligiousDiscrimination: Discrimination based on a person's relligion or religious beliefs or practices go to full definition
      • risk:ReverseDiscrimination: Discrimination against members of a majority or historically dominant group, often in the context of efforts to promote equality go to full definition
      • risk:Sexism: Discrimination based on a person's sex or gender, typically involving unequal treatment or stereotyping go to full definition
        • risk:GenderDiscrimination: Discrimination based on a person's gender identity or gender expression go to full definition
        • risk:Misandry: Dislike, contempt, or prejudice against men go to full definition
        • risk:Misogyny: Dislike, contempt, or prejudice against women go to full definition
        • risk:SexDiscrimination: Discrimination based on a person's biological sex go to full definition
        • risk:Transphobia: Hostility or prejudice against transgender people or those perceived as not conforming to traditional gender norms go to full definition
      • risk:SexualOrientationDiscrimination: Discrimination based on a person's sexual orientation, typically against those who are not heterosexual go to full definition
        • risk:Homophobia: Hostility or prejudice against individuals who are or are perceived to be homosexual go to full definition
      • risk:WorkplaceDiscrimination: Discrimination occuring at workplace or in the context of work environments go to full definition
    • risk:EnvironmentalRisk: Risks and issues that have their origin in environment or can affect the environment at large go to full definition
      • risk:DisproportionateEnergyConsumption: The occurence or potential occurence of disproportionate energy consumption when considering the value obtained from undertaking the activity and the amount of energy being utilised go to full definition
      • risk:Earthquake: The occurence or potential occurence of earthquakes go to full definition
      • risk:Floods: The occurence or potential occurence of floods go to full definition
    • risk:GroupRisk: Risks and issues that affect or have the potential to affect groups in society go to full definition
    • risk:IndividualRisk: Risks and issues that affect or have the potential to affect specific individuals go to full definition
    • risk:RightsImpact: Concept representing Impact to Rights go to full definition
      • risk:RightsDenied: The refusal or withholding or denial of the existence or applicability of rights go to full definition
      • risk:RightsEroded: The gradual weakening or reduction of the scope and protection of rights go to full definition
      • risk:RightsExercisePrevented: Actions or measures that prevent an individual or group from exercising their legal rights. go to full definition
      • risk:RightsLimited: A limitation or restrictions on the scope or exercise of rights go to full definition
      • risk:RightsObstructed: Interference with or blocking of the exercise of rights go to full definition
      • risk:RightsUnfulfilled: Failure to meet or complete the fulfilment of rights go to full definition
      • risk:RightsViolated: The infringement or breach of rights in a manner that constitutes a 'violation' of those rights go to full definition
  • risk:TechnicalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are technical in nature or relate to a technical or technological process go to full definition
    • risk:Bias: Bias is defined as the systematic difference in treatment of certain objects, people, or groups in comparison to others go to full definition
      • risk:CognitiveBias: Bias that occurs when humans are processing and interpreting information go to full definition
        • risk:ConfirmationBias: Bias that occurs when hypotheses, regardless of their veracity, are more likely to be confirmed by the intentional or unintentional interpretation of information go to full definition
        • risk:GroupAttributionBias: Bias that occurs when a human assumes that what is true for an individual or object is also true for everyone, or all objects, in that group go to full definition
        • risk:ImplicitBias: Bias that occurs when a human makes an association or assumption based on their mental models and memories go to full definition
        • risk:InGroupBias: Bias that occurs when showing partiality to one's own group or own characteristics go to full definition
        • risk:OutGroupHomogeneityBias: Bias that occurs when seeing out-group members as more alike than in-group members when comparing attitudes, values, personality traits, and other characteristics go to full definition
        • risk:RequirementsBias: Bias that occurs in or during requirements creation go to full definition
        • risk:RuleBasedSystemDesign: Bias that occurs due to developer experience and expert advice having a significant influence on rule-based system design go to full definition
        • risk:SocietalBias: Bias that occurs when similiar cognitive bias (conscious or unconscious) is being held by many individuals in society go to full definition
      • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
        • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
        • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
        • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
        • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
        • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
          • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
          • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
          • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
            • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
            • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
            • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
    • risk:DataRisk: Risks and risk concepts related to data go to full definition
      • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
        • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
        • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
        • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
        • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
        • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
          • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
          • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
          • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
            • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
            • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
            • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
      • risk:DataInaccurate: Concept representing data being inaccurate go to full definition
      • risk:DataIncomplete: Concept representing data being incomplete go to full definition
      • risk:DataInconsistent: Concept representing data being inconsistent go to full definition
      • risk:DataMisclassified: Concept representing data being misclassified go to full definition
      • risk:DataMisinterpretation: Concept representing data being misinterpretation go to full definition
      • risk:DataNoise: Concept representing data being noise go to full definition
      • risk:DataOutdated: Concept representing data being outdated go to full definition
      • risk:DataProcessingError: Concept representing operational error in the processing of data go to full definition
      • risk:DataSparse: Concept representing data being sparse go to full definition
      • risk:DataUnavailable: Concept representing data being unavailable go to full definition
      • risk:DataUnrepresentative: Concept representing data being unrepresentative go to full definition
      • risk:DataUnstructured: Concept representing data being unstructured go to full definition
      • risk:DataUnverified: Concept representing data being unverified go to full definition
    • risk:ExternalSecurityThreat: Concepts associated with security threats that are likely to originate externally go to full definition
    • risk:OperationalSecurityRisk: Risks and issues that arise during operational processes go to full definition
      • risk:ComponentFailure: Concept representing Component Failure go to full definition
      • risk:ComponentMalfunction: Concept representing Component Malfunction go to full definition
      • risk:DataCorruption: Concept representing Corruption of Data go to full definition
      • risk:EquipmentFailure: Concept representing Equipment Failure go to full definition
      • risk:EquipmentMalfunction: Concept representing Equipment Malfunction go to full definition
      • risk:QualityRisk: Concept representing risks and issues associated with quality of tasks, resources, processes go to full definition
        • risk:AccuracyRisk: Concepts representing risks and issues where Accuracy is Risk go to full definition
          • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
          • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
          • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
          • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
          • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
        • risk:QualityDegraded: Concepts representing risks and issues where Quality is Degraded go to full definition
          • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
          • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
          • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
        • risk:QualityInconsistent: Concepts representing risks and issues where Quality is Inconsistent go to full definition
          • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
          • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
          • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
        • risk:QualityInsufficient: Concepts representing risks and issues where Quality is Insufficient go to full definition
          • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
          • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
          • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
        • risk:QualityUnknown: Concepts representing risks and issues where Quality is Unknown go to full definition
          • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
          • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
          • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
        • risk:QualityUnverified: Concepts representing risks and issues where Quality is Unverified go to full definition
          • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
          • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
          • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
        • risk:RobustnessRisk: Concepts representing risks and issues where Robustness is Risk go to full definition
          • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
          • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
          • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
          • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
          • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
        • risk:SecurityQualityRisk: Concepts representing risks and issues where Quality of Security is Risk go to full definition
          • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
          • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
          • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
          • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
          • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
      • risk:Reidentification: Concept representing Re-identification go to full definition
      • risk:SecurityBreach: Concept representing Security Breach go to full definition
      • risk:SystemFailure: Concept representing System Failure go to full definition
      • risk:SystemMalfunction: Concept representing System Malfunction go to full definition
      • risk:TaskExecutionRisk: Concept representing risks and issues associated with execution of tasks, operations, activities, and other similar processes go to full definition
        • risk:TaskExecutionIncorrect: Concept representing incorrect execution of task(s) go to full definition
        • risk:TaskOmmitted: Concept representing omission of task(s) go to full definition
        • risk:TaskTimingIncorrect: Concept representing incorrect timing for task(s) i.e. the task execution does not occur at the correct time go to full definition

Potential Impacts

A [=PotentialImpact=] represents a concept which can be an impact or act like an impact in specific concepts. The concept can also be used to create domain or sector or use-case specific groupings of concepts which can act as impacts in context. Concepts which can act as a potential impact are defined as an instance of [=PotentialImpact=].

  • risk:LegalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are legal in nature or relate to a legal system or process go to full definition
  • risk:OrganisationalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are organisational in nature or relate to an organisational process go to full definition
  • risk:SocietalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are societal in nature or relate to a social setting or process go to full definition
    • risk:Discrimination: Discrimination is the treatment of a person or particular group of people differently, in a way that is worse than the way people are usually treate go to full definition
      • risk:AgeDiscrimination: Discrimination based on a person's age, often impacting older or younger individuals go to full definition
      • risk:BelievesDiscrimination: Discrimination based on a person's beliefs or practices go to full definition
      • risk:CasteDiscrimination: Discrimination based on a person's caste, a form of social stratification found in some cultures go to full definition
      • risk:DirectDiscrimination: Occurs when a person is treated less favorably than another in a comparable situation based on a protected characteristic (e.g., race, sex, disability) go to full definition
      • risk:DisabilityDiscrimination: Discrimination against individuals based on physical or mental disabilities go to full definition
      • risk:ExcellenceDiscrimination: Favoritism towards individuals deemed more competent or superior, often at the expense of others go to full definition
      • risk:GeographicDiscrimination: Discrimination based on a person's geographical origin or residence go to full definition
      • risk:IndirectDiscrimination: Occurs when an apparently neutral provision, criterion, or practice puts individuals of a certain group at a disadvantage compared to others, unless it can be objectively justified go to full definition
      • risk:LanguageDiscrimination: Discrimination based on a person's language, often linked to national origin or ethnicity go to full definition
      • risk:NationalityDiscrimination: Discrimination based on a person's nationality or citizenship go to full definition
      • risk:Racism: Prejudice or discrimination against people based on their race go to full definition
        • risk:EthnicDiscrimination: Discrimination against individuals based on their ethnicity or cultural heritage go to full definition
        • risk:RacialDiscrimination: Discrimination against individuals because of their racial background or skin color go to full definition
      • risk:ReligiousDiscrimination: Discrimination based on a person's relligion or religious beliefs or practices go to full definition
      • risk:ReverseDiscrimination: Discrimination against members of a majority or historically dominant group, often in the context of efforts to promote equality go to full definition
      • risk:Sexism: Discrimination based on a person's sex or gender, typically involving unequal treatment or stereotyping go to full definition
        • risk:GenderDiscrimination: Discrimination based on a person's gender identity or gender expression go to full definition
        • risk:Misandry: Dislike, contempt, or prejudice against men go to full definition
        • risk:Misogyny: Dislike, contempt, or prejudice against women go to full definition
        • risk:SexDiscrimination: Discrimination based on a person's biological sex go to full definition
        • risk:Transphobia: Hostility or prejudice against transgender people or those perceived as not conforming to traditional gender norms go to full definition
      • risk:SexualOrientationDiscrimination: Discrimination based on a person's sexual orientation, typically against those who are not heterosexual go to full definition
        • risk:Homophobia: Hostility or prejudice against individuals who are or are perceived to be homosexual go to full definition
      • risk:WorkplaceDiscrimination: Discrimination occuring at workplace or in the context of work environments go to full definition
    • risk:EnvironmentalRisk: Risks and issues that have their origin in environment or can affect the environment at large go to full definition
      • risk:DisproportionateEnergyConsumption: The occurence or potential occurence of disproportionate energy consumption when considering the value obtained from undertaking the activity and the amount of energy being utilised go to full definition
      • risk:Earthquake: The occurence or potential occurence of earthquakes go to full definition
      • risk:Floods: The occurence or potential occurence of floods go to full definition
    • risk:GroupRisk: Risks and issues that affect or have the potential to affect groups in society go to full definition
    • risk:IndividualRisk: Risks and issues that affect or have the potential to affect specific individuals go to full definition
    • risk:RightsImpact: Concept representing Impact to Rights go to full definition
      • risk:RightsDenied: The refusal or withholding or denial of the existence or applicability of rights go to full definition
      • risk:RightsEroded: The gradual weakening or reduction of the scope and protection of rights go to full definition
      • risk:RightsExercisePrevented: Actions or measures that prevent an individual or group from exercising their legal rights. go to full definition
      • risk:RightsLimited: A limitation or restrictions on the scope or exercise of rights go to full definition
      • risk:RightsObstructed: Interference with or blocking of the exercise of rights go to full definition
      • risk:RightsUnfulfilled: Failure to meet or complete the fulfilment of rights go to full definition
      • risk:RightsViolated: The infringement or breach of rights in a manner that constitutes a 'violation' of those rights go to full definition
  • risk:TechnicalRiskConcept: Risk concepts, including any potential risk sources, consequences, or impacts, that are technical in nature or relate to a technical or technological process go to full definition

Technical Risk Concepts

A [=TechnicalRiskConcept=] represents a concept that is technical in nature or relate to a technical or technological process, and which then can be applicable as a risk source, risk, consequence, or impact in specific concepts.

  • risk:Bias: Bias is defined as the systematic difference in treatment of certain objects, people, or groups in comparison to others go to full definition
    • risk:CognitiveBias: Bias that occurs when humans are processing and interpreting information go to full definition
      • risk:ConfirmationBias: Bias that occurs when hypotheses, regardless of their veracity, are more likely to be confirmed by the intentional or unintentional interpretation of information go to full definition
      • risk:GroupAttributionBias: Bias that occurs when a human assumes that what is true for an individual or object is also true for everyone, or all objects, in that group go to full definition
      • risk:ImplicitBias: Bias that occurs when a human makes an association or assumption based on their mental models and memories go to full definition
      • risk:InGroupBias: Bias that occurs when showing partiality to one's own group or own characteristics go to full definition
      • risk:OutGroupHomogeneityBias: Bias that occurs when seeing out-group members as more alike than in-group members when comparing attitudes, values, personality traits, and other characteristics go to full definition
      • risk:RequirementsBias: Bias that occurs in or during requirements creation go to full definition
      • risk:RuleBasedSystemDesign: Bias that occurs due to developer experience and expert advice having a significant influence on rule-based system design go to full definition
      • risk:SocietalBias: Bias that occurs when similiar cognitive bias (conscious or unconscious) is being held by many individuals in society go to full definition
    • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
      • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
      • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
      • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
      • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
      • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
        • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
        • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
        • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
          • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
          • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
          • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
  • risk:DataRisk: Risks and risk concepts related to data go to full definition
    • risk:DataBias: Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups go to full definition
      • risk:DataAggregationBias: Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data go to full definition
      • risk:DataProcessingBias: Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias go to full definition
      • risk:InformativenessBias: Bias that occurs when the mapping between inputs present in the data and outputs are more difficult to identify for some group go to full definition
      • risk:SimpsonsParadoxBias: Bias that occurs when a trend that is indicated in individual groups of data reverses when the groups of data are combined go to full definition
      • risk:StatisticalBias: Bias that occurs as the type of consistent numerical offset in an estimate relative to the true underlying value, inherent to most estimates go to full definition
        • risk:ConfoundingVariablesBias: Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association go to full definition
        • risk:NonNormalityBias: Bias that occurs when the dataset is subject to a different (i.e. non-normal) distribution (e.g., Chi-Square, Beta, Lorentz, Cauchy, Weibull or Pareto) where the results can be biased and misleading go to full definition
        • risk:SelectionBias: Bias that occurs when a dataset's samples are chosen in a way that is not reflective of their real-world distribution go to full definition
          • risk:CoverageBias: Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used go to full definition
          • risk:NonResponseBias: Bias that occurs when people from certain groups opt-out of surveys at different rates than users from other groups. This is also called as Participation bias go to full definition
          • risk:SamplingBias: Bias that occurs when data records are not collected randomly from the intended population go to full definition
    • risk:DataInaccurate: Concept representing data being inaccurate go to full definition
    • risk:DataIncomplete: Concept representing data being incomplete go to full definition
    • risk:DataInconsistent: Concept representing data being inconsistent go to full definition
    • risk:DataMisclassified: Concept representing data being misclassified go to full definition
    • risk:DataMisinterpretation: Concept representing data being misinterpretation go to full definition
    • risk:DataNoise: Concept representing data being noise go to full definition
    • risk:DataOutdated: Concept representing data being outdated go to full definition
    • risk:DataProcessingError: Concept representing operational error in the processing of data go to full definition
    • risk:DataSparse: Concept representing data being sparse go to full definition
    • risk:DataUnavailable: Concept representing data being unavailable go to full definition
    • risk:DataUnrepresentative: Concept representing data being unrepresentative go to full definition
    • risk:DataUnstructured: Concept representing data being unstructured go to full definition
    • risk:DataUnverified: Concept representing data being unverified go to full definition
  • risk:ExternalSecurityThreat: Concepts associated with security threats that are likely to originate externally go to full definition
  • risk:OperationalSecurityRisk: Risks and issues that arise during operational processes go to full definition
    • risk:AuthorisationFailure: Concept representing Authorisation Failure go to full definition
    • risk:ComponentFailure: Concept representing Component Failure go to full definition
    • risk:ComponentMalfunction: Concept representing Component Malfunction go to full definition
    • risk:DataCorruption: Concept representing Corruption of Data go to full definition
    • risk:EquipmentFailure: Concept representing Equipment Failure go to full definition
    • risk:EquipmentMalfunction: Concept representing Equipment Malfunction go to full definition
    • risk:QualityRisk: Concept representing risks and issues associated with quality of tasks, resources, processes go to full definition
      • risk:AccuracyRisk: Concepts representing risks and issues where Accuracy is Risk go to full definition
        • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
        • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
        • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
        • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
        • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
      • risk:QualityDegraded: Concepts representing risks and issues where Quality is Degraded go to full definition
        • risk:AccuracyDegraded: Concepts representing risks and issues where Accuracy is Degraded go to full definition
        • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
        • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
      • risk:QualityInconsistent: Concepts representing risks and issues where Quality is Inconsistent go to full definition
        • risk:AccuracyInconsistent: Concepts representing risks and issues where Accuracy is Inconsistent go to full definition
        • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
        • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
      • risk:QualityInsufficient: Concepts representing risks and issues where Quality is Insufficient go to full definition
        • risk:AccuracyInsufficient: Concepts representing risks and issues where Accuracy is Insufficient go to full definition
        • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
        • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
      • risk:QualityUnknown: Concepts representing risks and issues where Quality is Unknown go to full definition
        • risk:AccuracyUnknown: Concepts representing risks and issues where Accuracy is Unknown go to full definition
        • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
        • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
      • risk:QualityUnverified: Concepts representing risks and issues where Quality is Unverified go to full definition
        • risk:AccuracyUnverified: Concepts representing risks and issues where Accuracy is Unverified go to full definition
        • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
        • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
      • risk:RobustnessRisk: Concepts representing risks and issues where Robustness is Risk go to full definition
        • risk:RobustnessDegraded: Concepts representing risks and issues where Robustness is Degraded go to full definition
        • risk:RobustnessInconsistent: Concepts representing risks and issues where Robustness is Inconsistent go to full definition
        • risk:RobustnessInsufficient: Concepts representing risks and issues where Robustness is Insufficient go to full definition
        • risk:RobustnessUnknown: Concepts representing risks and issues where Robustness is Unknown go to full definition
        • risk:RobustnessUnverified: Concepts representing risks and issues where Robustness is Unverified go to full definition
      • risk:SecurityQualityRisk: Concepts representing risks and issues where Quality of Security is Risk go to full definition
        • risk:SecurityQualityDegraded: Concepts representing risks and issues where Quality of Security is Degraded go to full definition
        • risk:SecurityQualityInconsistent: Concepts representing risks and issues where Quality of Security is Inconsistent go to full definition
        • risk:SecurityQualityInsufficient: Concepts representing risks and issues where Quality of Security is Insufficient go to full definition
        • risk:SecurityQualityUnknown: Concepts representing risks and issues where Quality of Security is Unknown go to full definition
        • risk:SecurityQualityUnverified: Concepts representing risks and issues where Quality of Security is Unverified go to full definition
    • risk:Reidentification: Concept representing Re-identification go to full definition
    • risk:SecurityBreach: Concept representing Security Breach go to full definition
    • risk:SystemFailure: Concept representing System Failure go to full definition
    • risk:SystemMalfunction: Concept representing System Malfunction go to full definition
    • risk:TaskExecutionRisk: Concept representing risks and issues associated with execution of tasks, operations, activities, and other similar processes go to full definition
      • risk:TaskExecutionIncorrect: Concept representing incorrect execution of task(s) go to full definition
      • risk:TaskOmmitted: Concept representing omission of task(s) go to full definition
      • risk:TaskTimingIncorrect: Concept representing incorrect timing for task(s) i.e. the task execution does not occur at the correct time go to full definition

Organisational Risk Concepts

A [=OrganisationalRiskConcept=] represents a concept that is organisational in nature or relates to an organisational process, and which then can be applicable as a risk source, risk, consequence, or impact in specific concepts.

  • risk:FinancialImpact: Things that cause or have the potential to impact financial resources go to full definition
    • risk:FinancialLoss: Concept representing Financial Loss which may be actual loss of existing financial assets or hypothetical loss of financial opportunity go to full definition
      • risk:JudicialCosts: Something that involves or causes judicial costs to be paid go to full definition
      • risk:JudicialPenalty: Something that involves or causes judicial penalties to be paid go to full definition
    • risk:Renumeration: Something that acts as or provides renumeration which is in monetary or financial form go to full definition
      • risk:Compensation: Something that acts as or provides compensation - which can be monetary and financial or in other forms go to full definition
      • risk:Payment: Something that acts as or provides payment e.g. to access a service or purchase resources go to full definition
      • risk:Reward: Something that acts as or provides rewards i.e. a benefit given for some service or activity that is not a payment or fee go to full definition
  • risk:OrganisationalManagementRisk: Concept representing issues and risks associated with the management of operations and resources by the organisation go to full definition
    • risk:HumanOversightIneffective: Concept representing cases where human oversight is ineffective for the intended effect, such as for when human can observe a problem but cannot do anything about it go to full definition
    • risk:HumanOversightInsufficient: Concept representing cases where human oversight is insufficient for the intended effect, such as not being capable of identifying a problem go to full definition
    • risk:InstructionsIncorrect: Concept representing cases where instructions are incorrect for achieving the intended effect go to full definition
    • risk:InstructionsInsufficient: Concept representing cases where instructions are not sufficient for the intended effect go to full definition
    • risk:LackOfSystemTransparency: Concept representing lack of transpareny to humans related to the operation of a system go to full definition
    • risk:StaffIncompetence: Concept representing incompetence of staff go to full definition
    • risk:TechnologyOverreliance: Concept representing the case where an entity, including individuals, have an overreliance on the use of technology go to full definition
  • risk:ReputationalRisk: Risks and issues that affect the reputation of the organisation go to full definition
  • risk:ServiceRelatedConsequence: A consequence related to the provision of a service go to full definition
  • risk:UserRisks: Concepts associated with risks that arise due to User or Human use go to full definition
    • risk:ErroneousUse: Concept representing erroneous use (of something) go to full definition
    • risk:HumanErrors: Concept representing activities that are errors caused by humans without intention and which was not caused by following rules or policies or instructions that were not from the person go to full definition
    • risk:Misuse: Concept representing a misuse (of something) go to full definition

Societal Risk Concepts

A [=SocietalRiskConcept=] represents a concept that is societal in nature or relates to a societal process or event or effect, and which then can be applicable as a risk source, risk, consequence, or impact in specific concepts.

  • risk:Discrimination: Discrimination is the treatment of a person or particular group of people differently, in a way that is worse than the way people are usually treate go to full definition
    • risk:AgeDiscrimination: Discrimination based on a person's age, often impacting older or younger individuals go to full definition
    • risk:BelievesDiscrimination: Discrimination based on a person's beliefs or practices go to full definition
    • risk:CasteDiscrimination: Discrimination based on a person's caste, a form of social stratification found in some cultures go to full definition
    • risk:DirectDiscrimination: Occurs when a person is treated less favorably than another in a comparable situation based on a protected characteristic (e.g., race, sex, disability) go to full definition
    • risk:DisabilityDiscrimination: Discrimination against individuals based on physical or mental disabilities go to full definition
    • risk:ExcellenceDiscrimination: Favoritism towards individuals deemed more competent or superior, often at the expense of others go to full definition
    • risk:GeographicDiscrimination: Discrimination based on a person's geographical origin or residence go to full definition
    • risk:IndirectDiscrimination: Occurs when an apparently neutral provision, criterion, or practice puts individuals of a certain group at a disadvantage compared to others, unless it can be objectively justified go to full definition
    • risk:LanguageDiscrimination: Discrimination based on a person's language, often linked to national origin or ethnicity go to full definition
    • risk:NationalityDiscrimination: Discrimination based on a person's nationality or citizenship go to full definition
    • risk:Racism: Prejudice or discrimination against people based on their race go to full definition
      • risk:EthnicDiscrimination: Discrimination against individuals based on their ethnicity or cultural heritage go to full definition
      • risk:RacialDiscrimination: Discrimination against individuals because of their racial background or skin color go to full definition
    • risk:ReligiousDiscrimination: Discrimination based on a person's relligion or religious beliefs or practices go to full definition
    • risk:ReverseDiscrimination: Discrimination against members of a majority or historically dominant group, often in the context of efforts to promote equality go to full definition
    • risk:Sexism: Discrimination based on a person's sex or gender, typically involving unequal treatment or stereotyping go to full definition
      • risk:GenderDiscrimination: Discrimination based on a person's gender identity or gender expression go to full definition
      • risk:Misandry: Dislike, contempt, or prejudice against men go to full definition
      • risk:Misogyny: Dislike, contempt, or prejudice against women go to full definition
      • risk:SexDiscrimination: Discrimination based on a person's biological sex go to full definition
      • risk:Transphobia: Hostility or prejudice against transgender people or those perceived as not conforming to traditional gender norms go to full definition
    • risk:SexualOrientationDiscrimination: Discrimination based on a person's sexual orientation, typically against those who are not heterosexual go to full definition
      • risk:Homophobia: Hostility or prejudice against individuals who are or are perceived to be homosexual go to full definition
    • risk:WorkplaceDiscrimination: Discrimination occuring at workplace or in the context of work environments go to full definition
  • risk:EnvironmentalRisk: Risks and issues that have their origin in environment or can affect the environment at large go to full definition
    • risk:DisproportionateEnergyConsumption: The occurence or potential occurence of disproportionate energy consumption when considering the value obtained from undertaking the activity and the amount of energy being utilised go to full definition
    • risk:Earthquake: The occurence or potential occurence of earthquakes go to full definition
    • risk:Floods: The occurence or potential occurence of floods go to full definition
  • risk:GroupRisk: Risks and issues that affect or have the potential to affect groups in society go to full definition
  • risk:IndividualRisk: Risks and issues that affect or have the potential to affect specific individuals go to full definition
  • risk:RightsImpact: Concept representing Impact to Rights go to full definition
    • risk:RightsDenied: The refusal or withholding or denial of the existence or applicability of rights go to full definition
    • risk:RightsEroded: The gradual weakening or reduction of the scope and protection of rights go to full definition
    • risk:RightsExercisePrevented: Actions or measures that prevent an individual or group from exercising their legal rights. go to full definition
    • risk:RightsLimited: A limitation or restrictions on the scope or exercise of rights go to full definition
    • risk:RightsObstructed: Interference with or blocking of the exercise of rights go to full definition
    • risk:RightsUnfulfilled: Failure to meet or complete the fulfilment of rights go to full definition
    • risk:RightsViolated: The infringement or breach of rights in a manner that constitutes a 'violation' of those rights go to full definition

Overview of Concepts and Roles

Concept Roles CIA model
Risk Source Risk Consequence Impact Confidentiality Integrity Availability
risk:AccidentalMisuse
risk:AccuracyDegraded
risk:AccuracyInconsistent
risk:AccuracyInsufficient
risk:AccuracyRisk
risk:AccuracyUnknown
risk:AccuracyUnverified
risk:AgeDiscrimination
risk:AuthorisationFailure
risk:AvailabilityBreach
risk:AvailabilityConcept
risk:BehaviourDistortion
risk:BelievesDiscrimination
risk:Benefit
risk:Bias
risk:Blackmail
risk:BruteForceAuthorisations
risk:CasteDiscrimination
risk:Coercion
risk:CognitiveBias
risk:Compensation
risk:ComponentFailure
risk:ComponentMalfunction
risk:CompromiseAccount
risk:CompromiseAccountCredentials
risk:ConfidentialityBreach
risk:ConfidentialityConcept
risk:ConfirmationBias
risk:ConfoundingVariablesBias
risk:CopyrightViolation
risk:CoverageBias
risk:Cryptojacking
risk:CustomerSupportLimited
risk:Damage
risk:DataAggregationBias
risk:DataBias
risk:DataBreach
risk:DataCollectionError
risk:DataCorruption
risk:DataErasureError
risk:DataInaccurate
risk:DataIncomplete
risk:DataInconsistent
risk:DataMisclassified
risk:DataMisinterpretation
risk:DataNoise
risk:DataOutdated
risk:DataPreparationError
risk:DataProcessingBias
risk:DataProcessingError
risk:DataRisk
risk:DataSelectionError
risk:DataSparse
risk:DataStorageError
risk:DataTransferError
risk:DataUnavailable
risk:DataUnrepresentative
risk:DataUnstructured
risk:DataUnverified
risk:DelayedApplicationProcessing
risk:DenialServiceAttack
risk:Detriment
risk:DirectDiscrimination
risk:DisabilityDiscrimination
risk:Discrimination
risk:DisproportionateEnergyConsumption
risk:DistributedDenialServiceAttack
risk:Earthquake
risk:EnvironmentalRisk
risk:EquipmentFailure
risk:EquipmentMalfunction
risk:ErroneousUse
risk:EthnicDiscrimination
risk:ExcellenceDiscrimination
risk:ExposureToHarmfulSpeech
risk:ExternalSecurityThreat
risk:Extorsion
risk:FinancialImpact
risk:FinancialLoss
risk:Floods
risk:Fraud
risk:GenderDiscrimination
risk:GeographicDiscrimination
risk:GroupAttributionBias
risk:GroupHealthSafety
risk:GroupRisk
risk:Harassment
risk:Harm
risk:Health
risk:HealthSafety
risk:Homophobia
risk:HumanErrors
risk:HumanOversightIneffective
risk:HumanOversightInsufficient
risk:IdentityFraud
risk:IdentityTheft
risk:IdentityVerificationFailure
risk:IllegalDataProcessing
risk:ImplicitBias
risk:InabilityToEnterIntoContract
risk:InabilityToEstablishLegalClaims
risk:InabilityToFulfillLegalObligations
risk:InabilityToProcessPayments
risk:InabilityToProtectVitalInterests
risk:InabilityToProvideHealthCare
risk:IndirectDiscrimination
risk:IndividualHealthSafety
risk:IndividualRisk
risk:InformativenessBias
risk:InGroupBias
risk:Injury
risk:InstructionsIncorrect
risk:InstructionsInsufficient
risk:IntegrityBreach
risk:IntegrityConcept
risk:IntentionalMisuse
risk:InterceptCommunications
risk:JudicialCosts
risk:JudicialPenalty
risk:LackOfSystemTransparency
risk:LanguageDiscrimination
risk:LegalComplianceRisk
risk:LegallyRelevantConsequence
risk:LegalRiskConcept
risk:LegalSupportLimited
risk:LoseCredibility
risk:LoseCustomerConfidence
risk:LoseGoodwill
risk:LoseNegotiatingCapacity
risk:LoseOpportunity
risk:LoseReputation
risk:LoseTrust
risk:LoyaltyProgramExclusion
risk:MaliciousActivity
risk:MaliciousCodeAttack
risk:MalwareAttack
risk:MaterialDamage
risk:MentalHealth
risk:MentalSafety
risk:Misandry
risk:Misogyny
risk:Misuse
risk:NationalityDiscrimination
risk:NonMaterialDamage
risk:NonNormalityBias
risk:NonResponseBias
risk:OperationalSecurityRisk
risk:OrganisationalManagementRisk
risk:OrganisationalRiskConcept
risk:OutGroupHomogeneityBias
risk:Payment
risk:PersonalisationDisabled
risk:PersonalisationEnabled
risk:PersonalSafetyEndangerment
risk:PhishingScam
risk:PhysicalAssault
risk:PhysicalHarm
risk:PhysicalHealth
risk:PhysicalSafety
risk:PolicyRisk
risk:PotentialConsequence
risk:PotentialImpact
risk:PotentialRisk
risk:PotentialRiskSource
risk:Privacy
risk:PsychologicalHarm
risk:PublicHealthSafety
risk:PublicOrderBreach
risk:PublicServicesExclusion
risk:QualityDegraded
risk:QualityInconsistent
risk:QualityInsufficient
risk:QualityRisk
risk:QualityUnknown
risk:QualityUnverified
risk:RacialDiscrimination
risk:Racism
risk:Reidentification
risk:ReligiousDiscrimination
risk:Renumeration
risk:ReputationalRisk
risk:RequirementsBias
risk:ReverseDiscrimination
risk:Reward
risk:RightsDenied
risk:RightsEroded
risk:RightsExercisePrevented
risk:RightsImpact
risk:RightsLimited
risk:RightsObstructed
risk:RightsUnfulfilled
risk:RightsViolated
risk:RobustnessDegraded
risk:RobustnessInconsistent
risk:RobustnessInsufficient
risk:RobustnessRisk
risk:RobustnessUnknown
risk:RobustnessUnverified
risk:RuleBasedSystemDesign
risk:Sabotage
risk:Safety
risk:SamplingBias
risk:Scam
risk:SecurityAttack
risk:SecurityBreach
risk:SecurityQualityDegraded
risk:SecurityQualityInconsistent
risk:SecurityQualityInsufficient
risk:SecurityQualityRisk
risk:SecurityQualityUnknown
risk:SecurityQualityUnverified
risk:SelectionBias
risk:ServiceAlternativeOffered
risk:ServiceCostIncreased
risk:ServiceDenied
risk:ServiceLimited
risk:ServiceNotProvided
risk:ServicePartiallyProvided
risk:ServiceProvided
risk:ServiceProvisionDelayed
risk:ServiceQualityReduced
risk:ServiceRelatedConsequence
risk:ServiceSecurityReduced
risk:ServiceTermination
risk:SexDiscrimination
risk:Sexism
risk:SexualHarassment
risk:SexualOrientationDiscrimination
risk:SexualViolence
risk:SimpsonsParadoxBias
risk:SocialDisadvantage
risk:SocietalBias
risk:SocietalHealthSafety
risk:SocietalRiskConcept
risk:Spoofing
risk:StaffIncompetence
risk:StatisticalBias
risk:SystemFailure
risk:SystemIntrusion
risk:SystemMalfunction
risk:TaskExecutionIncorrect
risk:TaskExecutionRisk
risk:TaskOmmitted
risk:TaskTimingIncorrect
risk:TechnicalRiskConcept
risk:TechnologyOverreliance
risk:Terrorism
risk:Transphobia
risk:UnauthorisedAccesstoPremises
risk:UnauthorisedActivity
risk:UnauthorisedCodeAccess
risk:UnauthorisedCodeDisclosure
risk:UnauthorisedCodeModification
risk:UnauthorisedDataAccess
risk:UnauthorisedDataDisclosure
risk:UnauthorisedDataModification
risk:UnauthorisedInformationDisclosure
risk:UnauthorisedReidentification
risk:UnauthorisedResourceUse
risk:UnauthorisedSystemAccess
risk:UnauthorisedSystemModification
risk:UnwantedCodeDeletion
risk:UnwantedDataDeletion
risk:UnwantedDisclosureData
risk:UserRisks
risk:ViolatingCodeOfConduct
risk:ViolatingContractualObligation
risk:ViolatingEthicsCode
risk:ViolatingLegalObligation
risk:ViolatingObligation
risk:ViolatingPolicy
risk:ViolatingProhibition
risk:ViolatingStatutoryObligations
risk:ViolenceAgainstChildren
risk:Wellbeing
risk:WorkplaceDiscrimination

Modelling Rights Impacts

Impacts on (legal) rights are modelled through the concept [=RightsImpact=], and are associated using the relations dpv:hasRisk to indicate a risk of an impact on rights and dpv:hasImpact to indicate an impact of rights. Here, 'right' refers to a broad concept encompassing rights, freedoms, privileges, claims, entitlements, or other similar concepts which form the basis for legal interpretations. While in this broad sense, 'right' also refers to corporate rights such as for intellectual property or copyright, the intent here is to model the societal notion of rights, such as the 'right of a customer' or 'rights protected by a constitution'.

The [=RightsImpact=] concept is further expanded to distinguish between different kinds of impacts, which are then combined with a specific right or group of rights to indicate the impact in a more granular manner. These concepts are [=RightsDenied=], [=RightsEroded=], [=RightsExercisePrevented=], [=RightsLimited=], [=RightsObstructed=], [=RightsUnfulfilled=], and [=RightsViolated=]. Not all impact categories may apply for a particular right, and not all impacts may include all applicable categories. Further, the interpretation of some of these categories can be difficult to quantify, such as whether a particular right has been 'violated'. The intent therefore here is foremost to provide a vocabulary to express impacts on rights in terms of the right itself (e.g. right denied or right exercise being prevented), which can then be used to make assessments of a broader implication regarding the right (e.g. right is eroded or is violated).

Vocabulary Index

Classes

3 Likelihood Levels

Term 3LikelihoodLevels Prefix risk
Label 3 Likelihood Levels
IRI https://w3id.org/dpv/risk#3LikelihoodLevels
Type rdfs:Class, skos:Concept, dpv:Likelihood
Broader/Parent types dpv:Likelihood
Object of relation dpv:hasLikelihood
Definition Scale with 3 Likelihood Levels from High to Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

3 Risk Levels

Term 3RiskLevels Prefix risk
Label 3 Risk Levels
IRI https://w3id.org/dpv/risk#3RiskLevels
Type rdfs:Class, skos:Concept, dpv:RiskLevel
Broader/Parent types dpv:RiskLevel
Object of relation dpv:hasRiskLevel
Definition Scale with 3 Risk Levels from High to Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

3 Severity Levels

Term 3SeverityLevels Prefix risk
Label 3 Severity Levels
IRI https://w3id.org/dpv/risk#3SeverityLevels
Type rdfs:Class, skos:Concept, dpv:Severity
Broader/Parent types dpv:Severity
Object of relation dpv:hasSeverity
Definition Scale with 3 Severity Levels from High to Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

5 Likelihood Levels

Term 5LikelihoodLevels Prefix risk
Label 5 Likelihood Levels
IRI https://w3id.org/dpv/risk#5LikelihoodLevels
Type rdfs:Class, skos:Concept, dpv:Likelihood
Broader/Parent types dpv:Likelihood
Object of relation dpv:hasLikelihood
Definition Scale with 5 Likelihood Levels from Very High to Very Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

5 Risk Levels

Term 5RiskLevels Prefix risk
Label 5 Risk Levels
IRI https://w3id.org/dpv/risk#5RiskLevels
Type rdfs:Class, skos:Concept, dpv:RiskLevel
Broader/Parent types dpv:RiskLevel
Object of relation dpv:hasRiskLevel
Definition Scale with 5 Risk Levels from Very High to Very Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

5 Severity Levels

Term 5SeverityLevels Prefix risk
Label 5 Severity Levels
IRI https://w3id.org/dpv/risk#5SeverityLevels
Type rdfs:Class, skos:Concept, dpv:Severity
Broader/Parent types dpv:Severity
Object of relation dpv:hasSeverity
Definition Scale with 5 Severity Levels from Very High to Very Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

7 Likelihood Levels

Term 7LikelihoodLevels Prefix risk
Label 7 Likelihood Levels
IRI https://w3id.org/dpv/risk#7LikelihoodLevels
Type rdfs:Class, skos:Concept, dpv:Likelihood
Broader/Parent types dpv:Likelihood
Object of relation dpv:hasLikelihood
Definition Scale with 7 Likelihood Levels from Extremely High to Extremely Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

7 Risk Levels

Term 7RiskLevels Prefix risk
Label 7 Risk Levels
IRI https://w3id.org/dpv/risk#7RiskLevels
Type rdfs:Class, skos:Concept, dpv:RiskLevel
Broader/Parent types dpv:RiskLevel
Object of relation dpv:hasRiskLevel
Definition Scale with 7 Risk Levels from Extremely High to Extremely Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

7 Severity Levels

Term 7SeverityLevels Prefix risk
Label 7 Severity Levels
IRI https://w3id.org/dpv/risk#7SeverityLevels
Type rdfs:Class, skos:Concept, dpv:Severity
Broader/Parent types dpv:Severity
Object of relation dpv:hasSeverity
Definition Scale with 7 Severity Levels from Extremely High to Extremely Low
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

Accidental Incident

Term AccidentalIncident Prefix risk
Label Accidental Incident
IRI https://w3id.org/dpv/risk#AccidentalIncident
Type rdfs:Class, skos:Concept
Broader/Parent types risk:Incidentdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:hasIncident, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Incident caused due to accidental actions arising from human or human-controlled situations
Date Created 2024-05-19
See More: section INCIDENT in RISK

Accidental Misuse

Term AccidentalMisuse Prefix risk
Label Accidental Misuse
IRI https://w3id.org/dpv/risk#AccidentalMisuse
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:Misuserisk:UserRisksrisk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing accidental misuse (of something)
Date Created 2024-12-17
See More: section RISK-TAXONOMY in RISK

Accuracy Degraded

Term AccuracyDegraded Prefix risk
Label Accuracy Degraded
IRI https://w3id.org/dpv/risk#AccuracyDegraded
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:AccuracyRiskrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:QualityDegradedrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concepts representing risks and issues where Accuracy is Degraded
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Accuracy Inconsistent

Term AccuracyInconsistent Prefix risk
Label Accuracy Inconsistent
IRI https://w3id.org/dpv/risk#AccuracyInconsistent
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:AccuracyRiskrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:QualityInconsistentrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concepts representing risks and issues where Accuracy is Inconsistent
Date Created 2024-12-01
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Accuracy Insufficient

Term AccuracyInsufficient Prefix risk
Label Accuracy Insufficient
IRI https://w3id.org/dpv/risk#AccuracyInsufficient
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:AccuracyRiskrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:QualityInsufficientrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concepts representing risks and issues where Accuracy is Insufficient
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Accuracy Risk

Term AccuracyRisk Prefix risk
Label Accuracy Risk
IRI https://w3id.org/dpv/risk#AccuracyRisk
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concepts representing risks and issues where Accuracy is Risk
Date Created 2024-12-01
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Accuracy Unknown

Term AccuracyUnknown Prefix risk
Label Accuracy Unknown
IRI https://w3id.org/dpv/risk#AccuracyUnknown
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:AccuracyRiskrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:QualityUnknownrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concepts representing risks and issues where Accuracy is Unknown
Date Created 2024-12-01
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Accuracy Unverified

Term AccuracyUnverified Prefix risk
Label Accuracy Unverified
IRI https://w3id.org/dpv/risk#AccuracyUnverified
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:AccuracyRiskrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:QualityUnverifiedrisk:QualityRiskrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concepts representing risks and issues where Accuracy is Unverified
Date Created 2024-12-01
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Age Discrimination

Term AgeDiscrimination Prefix risk
Label Age Discrimination
IRI https://w3id.org/dpv/risk#AgeDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination based on a person's age, often impacting older or younger individuals
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Authorisation Failure

Term AuthorisationFailure Prefix risk
Label Authorisation Failure
IRI https://w3id.org/dpv/risk#AuthorisationFailure
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:IntegrityConcept, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Authorisation Failure
Source ENISa Trust Services Security Incidents 2021
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Availability Breach

Term AvailabilityBreach Prefix risk
Label Availability Breach
IRI https://w3id.org/dpv/risk#AvailabilityBreach
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataBreachrisk:SecurityBreachrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing a breach of availability
Date Created 2024-12-17
See More: section RISK-TAXONOMY in RISK

Availability Concept

Term AvailabilityConcept Prefix risk
Label Availability Concept
IRI https://w3id.org/dpv/risk#AvailabilityConcept
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Indicates a concept is relevant to 'Availability' in CIA InfoSec model
Usage Note This concept allows indicating the applicability of Impact dimension to concepts whether they are a risk source, risk, consequence, or impact
Date Created 2024-09-29
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Availability Incident

Term AvailabilityIncident Prefix risk
Label Availability Incident
IRI https://w3id.org/dpv/risk#AvailabilityIncident
Type rdfs:Class, skos:Concept
Broader/Parent types risk:Incidentdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:hasIncident, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Incident where the availability of information or system has been affected
Date Created 2024-05-19
See More: section INCIDENT in RISK

Avoidance Control

Term AvoidanceControl Prefix risk
Label Avoidance Control
IRI https://w3id.org/dpv/risk#AvoidanceControl
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:avoids, risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that avoids an event with the goal of removing it completely
Usage Note Avoiding is distinct from Mitigation and Modification as the goal to avoid an event is to prevent it from occuring at all, whereas mitigation and modification accept an event will occur and focus on managing it
Date Created 2025-01-06
Contributors Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Avoid Consequence

Term AvoidConsequence Prefix risk
Label Avoid Consequence
IRI https://w3id.org/dpv/risk#AvoidConsequence
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:AvoidanceControlrisk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:ConsequenceControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that proactively avoids the consequence such that it has a reduced exposure or applicability in the context
Date Created 2025-01-06
Contributors Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Avoid Impact

Term AvoidImpact Prefix risk
Label Avoid Impact
IRI https://w3id.org/dpv/risk#AvoidImpact
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:AvoidanceControlrisk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:ImpactControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that proactively avoids the impact such that it has a reduced exposure or applicability in the context
Date Created 2025-01-06
Contributors Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Avoid Source

Term AvoidSource Prefix risk
Label Avoid Source
IRI https://w3id.org/dpv/risk#AvoidSource
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:AvoidanceControlrisk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:SourceControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that proactively avoids the risk source such that it has a reduced exposure or applicability in the context
Date Created 2024-05-19
Date Modified 2025-01-06
Contributors Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Behaviour Distortion

Term BehaviourDistortion Prefix risk
Label Behaviour Distortion
IRI https://w3id.org/dpv/risk#BehaviourDistortion
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:IndividualRiskrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing distortion of behaviour of individual(s)
Date Created 2024-12-01
Contributors Delaram Golpayegani
See More: section RISK-TAXONOMY in RISK

Believes Discrimination

Term BelievesDiscrimination Prefix risk
Label Believes Discrimination
IRI https://w3id.org/dpv/risk#BelievesDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination based on a person's beliefs or practices
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Benefit

Term Benefit Prefix risk
Label Benefit
IRI https://w3id.org/dpv/risk#Benefit
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Compensationrisk:Renumerationrisk:FinancialImpactrisk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing benefits - both material and immaterial
Usage Note Even though benefits is filed under organisational concepts, it can be applied to individuals (humans) and groups which are societal
Date Created 2022-03-23
Date Modified 2024-08-16
Contributors Axel Polleres, Beatriz Esteves, Fajar Ekaputra, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
See More: section RISK-TAXONOMY in RISK

Bias

Term Bias Prefix risk
Label Bias
IRI https://w3id.org/dpv/risk#Bias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias is defined as the systematic difference in treatment of certain objects, people, or groups in comparison to others
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in AI

Blackmail

Term Blackmail Prefix risk
Label Blackmail
IRI https://w3id.org/dpv/risk#Blackmail
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:MaliciousActivityrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Blackmail
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Brute Force Authorisations

Term BruteForceAuthorisations Prefix risk
Label Brute Force Authorisations
IRI https://w3id.org/dpv/risk#BruteForceAuthorisations
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:IntegrityConcept, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:SecurityAttackrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Brute Force Authorisations i.e. bypassing authorisations through brute forcing techniques
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Caste Discrimination

Term CasteDiscrimination Prefix risk
Label Caste Discrimination
IRI https://w3id.org/dpv/risk#CasteDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination based on a person's caste, a form of social stratification found in some cultures
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Change Consequence

Term ChangeConsequence Prefix risk
Label Change Consequence
IRI https://w3id.org/dpv/risk#ChangeConsequence
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:ConsequenceControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:SubstitutionControlrisk:AvoidanceControlrisk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that proactively changes the consequence event such that one event is replaced with the occurence or applicability of another event in the context
Date Created 2024-05-19
Date Modified 2025-01-06
Contributors Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Change Impact

Term ChangeImpact Prefix risk
Label Change Impact
IRI https://w3id.org/dpv/risk#ChangeImpact
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:ImpactControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:SubstitutionControlrisk:AvoidanceControlrisk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that proactively changes the impact event such that one event is replaced with the occurence or applicability of another event in the context
Date Created 2024-05-19
Date Modified 2025-01-06
Contributors Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Coercion

Term Coercion Prefix risk
Label Coercion
IRI https://w3id.org/dpv/risk#Coercion
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:MaliciousActivityrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Coercion
Source ENISA Threat Taxonomy 2016
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Cognitive Bias

Term CognitiveBias Prefix risk
Label Cognitive Bias
IRI https://w3id.org/dpv/risk#CognitiveBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs when humans are processing and interpreting information
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in AI

Compensation

Term Compensation Prefix risk
Label Compensation
IRI https://w3id.org/dpv/risk#Compensation
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Renumerationrisk:FinancialImpactrisk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Something that acts as or provides compensation - which can be monetary and financial or in other forms
Date Created 2024-04-14
Date Modified 2024-08-16
Contributors Georg P. Krog, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Component Failure

Term ComponentFailure Prefix risk
Label Component Failure
IRI https://w3id.org/dpv/risk#ComponentFailure
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Component Failure
Usage Note Here component refers to both physical and virtual components. The failure of a component may or may not also cause a failure in other related components or the systems they are part of
Date Created 2024-12-01
Contributors Delaram Golpayegani
See More: section RISK-TAXONOMY in RISK

Component Malfunction

Term ComponentMalfunction Prefix risk
Label Component Malfunction
IRI https://w3id.org/dpv/risk#ComponentMalfunction
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Component Malfunction
Usage Note Here component refers to both physical and virtual components. The malfunction of a component may or may not also cause a malfunction in other related components or the systems they are part of
Date Created 2024-12-01
Contributors Delaram Golpayegani
See More: section RISK-TAXONOMY in RISK

Compromise Account

Term CompromiseAccount Prefix risk
Label Compromise Account
IRI https://w3id.org/dpv/risk#CompromiseAccount
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:ConfidentialityConcept, risk:IntegrityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing a compromised account that is then used by the compromiser
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Compromise Account Credentials

Term CompromiseAccountCredentials Prefix risk
Label Compromise Account Credentials
IRI https://w3id.org/dpv/risk#CompromiseAccountCredentials
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Account Credentials to be compromised
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Confidentiality Breach

Term ConfidentialityBreach Prefix risk
Label Confidentiality Breach
IRI https://w3id.org/dpv/risk#ConfidentialityBreach
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataBreachrisk:SecurityBreachrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing a breach of confidentiality
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Confidentiality Concept

Term ConfidentialityConcept Prefix risk
Label Confidentiality Concept
IRI https://w3id.org/dpv/risk#ConfidentialityConcept
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Indicates a concept is relevant to 'Confidentiality' in CIA InfoSec model
Usage Note This concept allows indicating the applicability of Confidentiality dimension to concepts whether they are a risk source, risk, consequence, or impact
Date Created 2024-09-29
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in AI

Confidentiality Incident

Term ConfidentialityIncident Prefix risk
Label Confidentiality Incident
IRI https://w3id.org/dpv/risk#ConfidentialityIncident
Type rdfs:Class, skos:Concept
Broader/Parent types risk:Incidentdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:hasIncident, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Incident where the confidentiality of information or system has been affected
Date Created 2024-05-19
See More: section INCIDENT in RISK

Confirmation Bias

Term ConfirmationBias Prefix risk
Label Confirmation Bias
IRI https://w3id.org/dpv/risk#ConfirmationBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:CognitiveBiasrisk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs when hypotheses, regardless of their veracity, are more likely to be confirmed by the intentional or unintentional interpretation of information
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Confounding Variables Bias

Term ConfoundingVariablesBias Prefix risk
Label Confounding Variables Bias
IRI https://w3id.org/dpv/risk#ConfoundingVariablesBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:StatisticalBiasrisk:DataBiasrisk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:StatisticalBiasrisk:DataBiasrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs as a confounding variable that influences both the dependent variable and independent variable causing a spurious association
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Consequence Control

Term ConsequenceControl Prefix risk
Label Consequence Control
IRI https://w3id.org/dpv/risk#ConsequenceControl
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Risk control for managing consequences
Date Created 2024-05-19
Date Modified 2025-01-06
Contributors Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Containment Control

Term ContainmentControl Prefix risk
Label Containment Control
IRI https://w3id.org/dpv/risk#ContainmentControl
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:ReductionControlrisk:ReactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:contains, risk:controls
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that aims to contain the event in terms of limiting its occurence or effects
Usage Note Containment implies either changing the event or the context such that the event's effects are restricted, such as by establishing a physical or digital boundary within which the effects can occur or to prevent the effects from affecting things inside the boundary
Date Created 2024-05-19
Date Modified 2025-01-06
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Copyright Violation

Term CopyrightViolation Prefix risk
Label Copyright Violation
IRI https://w3id.org/dpv/risk#CopyrightViolation
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk
Broader/Parent types risk:LegalComplianceRiskrisk:LegalRiskConceptdpv:RiskConcept
Broader/Parent types risk:ViolatingObligationrisk:PolicyRiskrisk:LegalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Copyright Violation
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Coverage Bias

Term CoverageBias Prefix risk
Label Coverage Bias
IRI https://w3id.org/dpv/risk#CoverageBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:SelectionBiasrisk:StatisticalBiasrisk:DataBiasrisk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:SelectionBiasrisk:StatisticalBiasrisk:DataBiasrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs when a population represented in a dataset does not match the actual or real population that are being used
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Cross-Border Incident

Term CrossBorderIncident Prefix risk
Label Cross-Border Incident
IRI https://w3id.org/dpv/risk#CrossBorderIncident
Type rdfs:Class, skos:Concept
Broader/Parent types risk:Incidentdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:hasIncident, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Incident involving cross-border or multiple jurisdictions
Date Created 2024-05-19
See More: section INCIDENT in RISK

Cryptojacking

Term Cryptojacking Prefix risk
Label Cryptojacking
IRI https://w3id.org/dpv/risk#Cryptojacking
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:SecurityAttackrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Cryptojacking
Source ENISA Threat Landscape 2021
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Customer Support Limited

Term CustomerSupportLimited Prefix risk
Label Customer Support Limited
IRI https://w3id.org/dpv/risk#CustomerSupportLimited
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:ServiceRelatedConsequencerisk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing customer support to be limited
Date Created 2024-10-21
See More: section RISK-TAXONOMY in RISK

Damage

Term Damage Prefix risk
Label Damage
IRI https://w3id.org/dpv/risk#Damage
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:LegallyRelevantConsequencerisk:LegalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Damage
Date Created 2022-03-30
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Aggregation Bias

Term DataAggregationBias Prefix risk
Label Data Aggregation Bias
IRI https://w3id.org/dpv/risk#DataAggregationBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataBiasrisk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:DataBiasrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs when aggregating data covering different groups of objects has different statistical distributions that introduce bias into the data
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Bias

Term DataBias Prefix risk
Label Data Bias
IRI https://w3id.org/dpv/risk#DataBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs when data properties that if unaddressed lead to systems that perform better or worse for different groups
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Breach

Term DataBreach Prefix risk
Label Data Breach
IRI https://w3id.org/dpv/risk#DataBreach
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:ConfidentialityConcept, risk:IntegrityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:SecurityBreachrisk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Data Breach
Examples dex:E0069 :: Using DPV and RISK extension to represent incidents
dex:E0071 :: Using risk controls to express how tech/org measures address the risk
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in DEX

Data Collection Error

Term DataCollectionError Prefix risk
Label Data Collection Error
IRI https://w3id.org/dpv/risk#DataCollectionError
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataProcessingErrorrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing error related to data collection
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Corruption

Term DataCorruption Prefix risk
Label Data Corruption
IRI https://w3id.org/dpv/risk#DataCorruption
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:IntegrityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Corruption of Data
Usage Note This concept was called "Corruption Data" in DPV 2.0
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Erasure Error

Term DataErasureError Prefix risk
Label Data Erasure Error
IRI https://w3id.org/dpv/risk#DataErasureError
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataProcessingErrorrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing error related to data erasure
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Inaccurate

Term DataInaccurate Prefix risk
Label Data Inaccurate
IRI https://w3id.org/dpv/risk#DataInaccurate
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being inaccurate
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Incomplete

Term DataIncomplete Prefix risk
Label Data Incomplete
IRI https://w3id.org/dpv/risk#DataIncomplete
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being incomplete
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Inconsistent

Term DataInconsistent Prefix risk
Label Data Inconsistent
IRI https://w3id.org/dpv/risk#DataInconsistent
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being inconsistent
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Misclassified

Term DataMisclassified Prefix risk
Label Data Misclassified
IRI https://w3id.org/dpv/risk#DataMisclassified
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being misclassified
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Misinterpretation

Term DataMisinterpretation Prefix risk
Label Data Misinterpretation
IRI https://w3id.org/dpv/risk#DataMisinterpretation
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being misinterpretation
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Noise

Term DataNoise Prefix risk
Label Data Noise
IRI https://w3id.org/dpv/risk#DataNoise
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being noise
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Outdated

Term DataOutdated Prefix risk
Label Data Outdated
IRI https://w3id.org/dpv/risk#DataOutdated
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being outdated
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Preparation Error

Term DataPreparationError Prefix risk
Label Data Preparation Error
IRI https://w3id.org/dpv/risk#DataPreparationError
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataProcessingErrorrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing error related to data preparation
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Processing Bias

Term DataProcessingBias Prefix risk
Label Data Processing Bias
IRI https://w3id.org/dpv/risk#DataProcessingBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataBiasrisk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Broader/Parent types risk:DataBiasrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs due to pre-processing (or post-processing) of data, even though the original data would not have led to any bias
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Processing Error

Term DataProcessingError Prefix risk
Label Data Processing Error
IRI https://w3id.org/dpv/risk#DataProcessingError
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing operational error in the processing of data
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Risk

Term DataRisk Prefix risk
Label Data Risk
IRI https://w3id.org/dpv/risk#DataRisk
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Risks and risk concepts related to data
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data SelectionError

Term DataSelectionError Prefix risk
Label Data SelectionError
IRI https://w3id.org/dpv/risk#DataSelectionError
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataProcessingErrorrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing an error in data selection
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Sparse

Term DataSparse Prefix risk
Label Data Sparse
IRI https://w3id.org/dpv/risk#DataSparse
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being sparse
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Storage Error

Term DataStorageError Prefix risk
Label Data Storage Error
IRI https://w3id.org/dpv/risk#DataStorageError
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataProcessingErrorrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing error related to data storage
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Transfer Error

Term DataTransferError Prefix risk
Label Data Transfer Error
IRI https://w3id.org/dpv/risk#DataTransferError
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataProcessingErrorrisk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing error related to data transfer
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Unavailable

Term DataUnavailable Prefix risk
Label Data Unavailable
IRI https://w3id.org/dpv/risk#DataUnavailable
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being unavailable
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Unrepresentative

Term DataUnrepresentative Prefix risk
Label Data Unrepresentative
IRI https://w3id.org/dpv/risk#DataUnrepresentative
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being unrepresentative
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Unstructured

Term DataUnstructured Prefix risk
Label Data Unstructured
IRI https://w3id.org/dpv/risk#DataUnstructured
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being unstructured
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Data Unverified

Term DataUnverified Prefix risk
Label Data Unverified
IRI https://w3id.org/dpv/risk#DataUnverified
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DataRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing data being unverified
Date Created 2024-12-01
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Delayed Application Processing

Term DelayedApplicationProcessing Prefix risk
Label Delayed Application Processing
IRI https://w3id.org/dpv/risk#DelayedApplicationProcessing
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:ServiceRelatedConsequencerisk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing delayed processing of applications
Date Created 2024-10-21
See More: section RISK-TAXONOMY in RISK

Deliberate Incident

Term DeliberateIncident Prefix risk
Label Deliberate Incident
IRI https://w3id.org/dpv/risk#DeliberateIncident
Type rdfs:Class, skos:Concept
Broader/Parent types risk:Incidentdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:hasIncident, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Incident caused due to deliberate actions of a human
Date Created 2024-05-19
See More: section INCIDENT in RISK

Denial of Service Attack (DoS)

Term DenialServiceAttack Prefix risk
Label Denial of Service Attack (DoS)
IRI https://w3id.org/dpv/risk#DenialServiceAttack
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:SecurityAttackrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Denial of Service Attack (DoS)
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Detection Control

Term DetectionControl Prefix risk
Label Detection Control
IRI https://w3id.org/dpv/risk#DetectionControl
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:MonitorControlrisk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls, risk:detects
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that detects an event
Usage Note Detection refers to the observation, derivation, inference, or any other method for drawing conclusions that an event has occurred or is likely to occur with a given certainty. For controls that identify information about the event in terms of metrics or characteristics, see risk:IdentificationControl
Date Created 2024-05-19
Date Modified 2025-01-06
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Detriment

Term Detriment Prefix risk
Label Detriment
IRI https://w3id.org/dpv/risk#Detriment
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:LegallyRelevantConsequencerisk:LegalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Detriment
Date Created 2022-03-23
Date Modified 2024-08-16
Contributors Beatriz Esteves, Fajar Ekaputra, Georg P. Krog, Harshvardhan J. Pandit, Julian Flake
See More: section RISK-TAXONOMY in RISK

Direct Discrimination

Term DirectDiscrimination Prefix risk
Label Direct Discrimination
IRI https://w3id.org/dpv/risk#DirectDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Occurs when a person is treated less favorably than another in a comparable situation based on a protected characteristic (e.g., race, sex, disability)
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Disability Discrimination

Term DisabilityDiscrimination Prefix risk
Label Disability Discrimination
IRI https://w3id.org/dpv/risk#DisabilityDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination against individuals based on physical or mental disabilities
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Discrimination

Term Discrimination Prefix risk
Label Discrimination
IRI https://w3id.org/dpv/risk#Discrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination is the treatment of a person or particular group of people differently, in a way that is worse than the way people are usually treate
Date Created 2024-09-30
Contributors Georg P. Krog
See More: section RISK-TAXONOMY in RISK

Disproportionate Energy Consumption

Term DisproportionateEnergyConsumption Prefix risk
Label Disproportionate Energy Consumption
IRI https://w3id.org/dpv/risk#DisproportionateEnergyConsumption
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:EnvironmentalRiskrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition The occurence or potential occurence of disproportionate energy consumption when considering the value obtained from undertaking the activity and the amount of energy being utilised
Date Created 2024-10-21
See More: section RISK-TAXONOMY in RISK

Distributed Denial of Service Attack (DDoS)

Term DistributedDenialServiceAttack Prefix risk
Label Distributed Denial of Service Attack (DDoS)
IRI https://w3id.org/dpv/risk#DistributedDenialServiceAttack
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:DenialServiceAttackrisk:SecurityAttackrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Distributed Denial of Service Attack (DDoS)
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Earthquake

Term Earthquake Prefix risk
Label Earthquake
IRI https://w3id.org/dpv/risk#Earthquake
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:EnvironmentalRiskrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition The occurence or potential occurence of earthquakes
Date Created 2024-10-21
See More: section RISK-TAXONOMY in RISK

Elimination Control

Term EliminationControl Prefix risk
Label Elimination Control
IRI https://w3id.org/dpv/risk#EliminationControl
Type rdfs:Class, skos:Concept, risk:RiskControl
Broader/Parent types risk:AvoidanceControlrisk:ProactiveControlrisk:RiskControldpv:RiskMitigationMeasuredpv:TechnicalOrganisationalMeasure
Subject of relation risk:controls, risk:eliminates
Object of relation dpv:hasTechnicalOrganisationalMeasure, dpv:isMitigatedByMeasure, risk:hasControl
Definition Control that eliminates an event entirely such that the event does not occur
Usage Note Elimination requires the event's likelihood to be reduced to zero such that the event cannot occur in the context. This can be done by establishing methods to prevent the event from occuring (e.g. gatekeeping filters) or by changing the underlying context context (e.g. replacing faulty device). The difference between risk:ModificationControl and risk:EliminationControl is that modification works to change the event characteristics whereas elimination works on the context to prevent the event
Date Created 2025-01-06
Contributors Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-CONTROLS in RISK

Environmental Incident

Term EnvironmentalIncident Prefix risk
Label Environmental Incident
IRI https://w3id.org/dpv/risk#EnvironmentalIncident
Type rdfs:Class, skos:Concept
Broader/Parent types risk:Incidentdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:hasIncident, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Incident caused due to environmental factors outside human controls
Date Created 2024-05-19
See More: section INCIDENT in RISK

Environmental Risk

Term EnvironmentalRisk Prefix risk
Label Environmental Risk
IRI https://w3id.org/dpv/risk#EnvironmentalRisk
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Risks and issues that have their origin in environment or can affect the environment at large
Date Created 2024-10-21
See More: section RISK-TAXONOMY in RISK

Equipment Failure

Term EquipmentFailure Prefix risk
Label Equipment Failure
IRI https://w3id.org/dpv/risk#EquipmentFailure
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Equipment Failure
Usage Note Here equipment refers to physical equipment
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Equipment Malfunction

Term EquipmentMalfunction Prefix risk
Label Equipment Malfunction
IRI https://w3id.org/dpv/risk#EquipmentMalfunction
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:AvailabilityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:OperationalSecurityRiskrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Equipment Malfunction
Usage Note Here equipment refers to physical equipment
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Erroneous Use

Term ErroneousUse Prefix risk
Label Erroneous Use
IRI https://w3id.org/dpv/risk#ErroneousUse
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:UserRisksrisk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing erroneous use (of something)
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Ethnic Discrimination

Term EthnicDiscrimination Prefix risk
Label Ethnic Discrimination
IRI https://w3id.org/dpv/risk#EthnicDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Racismrisk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination against individuals based on their ethnicity or cultural heritage
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Excellence Discrimination

Term ExcellenceDiscrimination Prefix risk
Label Excellence Discrimination
IRI https://w3id.org/dpv/risk#ExcellenceDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Favoritism towards individuals deemed more competent or superior, often at the expense of others
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Exposure to Harmful Speech

Term ExposureToHarmfulSpeech Prefix risk
Label Exposure to Harmful Speech
IRI https://w3id.org/dpv/risk#ExposureToHarmfulSpeech
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:MentalHealthrisk:Healthrisk:HealthSafetyrisk:IndividualRiskrisk:SocietalRiskConceptdpv:RiskConcept
Broader/Parent types risk:Wellbeingrisk:HealthSafetyrisk:IndividualRiskrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Harmful Speech
Usage Note This concept was called "HarmfulSpeech" in DPV 2.0
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

External Security Threat

Term ExternalSecurityThreat Prefix risk
Label External Security Threat
IRI https://w3id.org/dpv/risk#ExternalSecurityThreat
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concepts associated with security threats that are likely to originate externally
Date Created 2024-12-17
See More: section RISK-TAXONOMY in RISK

Extorsion

Term Extorsion Prefix risk
Label Extorsion
IRI https://w3id.org/dpv/risk#Extorsion
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:MaliciousActivityrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Extorsion
Source ENISA Threat Taxonomy 2016
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Extremely High Likelihood

Term ExtremelyHighLikelihood Prefix risk
Label Extremely High Likelihood
IRI https://w3id.org/dpv/risk#ExtremelyHighLikelihood
Type rdfs:Class, skos:Concept, dpv:Likelihood
Broader/Parent types risk:7LikelihoodLevelsdpv:Likelihood
Object of relation dpv:hasLikelihood
Definition Level where Likelihood is Extremely High
Usage Note The suggested quantitative value for this concept is 0.99 on a scale of 0 to 1
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

Extremely High Risk

Term ExtremelyHighRisk Prefix risk
Label Extremely High Risk
IRI https://w3id.org/dpv/risk#ExtremelyHighRisk
Type rdfs:Class, skos:Concept, dpv:RiskLevel
Broader/Parent types risk:7RiskLevelsdpv:RiskLevel
Object of relation dpv:hasRiskLevel
Definition Level where Risk is Extremely High
Usage Note The suggested quantitative value for this concept is 0.99 on a scale of 0 to 1
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

Extremely High Severity

Term ExtremelyHighSeverity Prefix risk
Label Extremely High Severity
IRI https://w3id.org/dpv/risk#ExtremelyHighSeverity
Type rdfs:Class, skos:Concept, dpv:Severity
Broader/Parent types risk:7SeverityLevelsdpv:Severity
Object of relation dpv:hasSeverity
Definition Level where Severity is Extremely High
Usage Note The suggested quantitative value for this concept is 0.99 on a scale of 0 to 1
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

Extremely Low Likelihood

Term ExtremelyLowLikelihood Prefix risk
Label Extremely Low Likelihood
IRI https://w3id.org/dpv/risk#ExtremelyLowLikelihood
Type rdfs:Class, skos:Concept, dpv:Likelihood
Broader/Parent types risk:7LikelihoodLevelsdpv:Likelihood
Object of relation dpv:hasLikelihood
Definition Level where Likelihood is Extremely Low
Usage Note The suggested quantitative value for this concept is 0.01 on a scale of 0 to 1
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

Extremely Low Risk

Term ExtremelyLowRisk Prefix risk
Label Extremely Low Risk
IRI https://w3id.org/dpv/risk#ExtremelyLowRisk
Type rdfs:Class, skos:Concept, dpv:RiskLevel
Broader/Parent types risk:7RiskLevelsdpv:RiskLevel
Object of relation dpv:hasRiskLevel
Definition Level where Risk is Extremely Low
Usage Note The suggested quantitative value for this concept is 0.01 on a scale of 0 to 1
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

Extremely Low Severity

Term ExtremelyLowSeverity Prefix risk
Label Extremely Low Severity
IRI https://w3id.org/dpv/risk#ExtremelyLowSeverity
Type rdfs:Class, skos:Concept, dpv:Severity
Broader/Parent types risk:7SeverityLevelsdpv:Severity
Object of relation dpv:hasSeverity
Definition Level where Severity is Extremely Low
Usage Note The suggested quantitative value for this concept is 0.01 on a scale of 0 to 1
Date Created 2022-08-18
Contributors Harshvardhan J. Pandit
See More: section RISK-LEVELS in RISK

Financial Impact

Term FinancialImpact Prefix risk
Label Financial Impact
IRI https://w3id.org/dpv/risk#FinancialImpact
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Things that cause or have the potential to impact financial resources
Date Created 2024-10-21
See More: section RISK-TAXONOMY in RISK

Financial Loss

Term FinancialLoss Prefix risk
Label Financial Loss
IRI https://w3id.org/dpv/risk#FinancialLoss
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:FinancialImpactrisk:OrganisationalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Financial Loss which may be actual loss of existing financial assets or hypothetical loss of financial opportunity
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Floods

Term Floods Prefix risk
Label Floods
IRI https://w3id.org/dpv/risk#Floods
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:EnvironmentalRiskrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition The occurence or potential occurence of floods
Date Created 2024-10-21
See More: section RISK-TAXONOMY in RISK

Fraud

Term Fraud Prefix risk
Label Fraud
IRI https://w3id.org/dpv/risk#Fraud
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:ConfidentialityConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:MaliciousActivityrisk:ExternalSecurityThreatrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Concept representing Fraud
Source ISO/IEC 27005:2018
Date Created 2022-08-17
Date Modified 2024-08-16
Contributors Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Gender Discrimination

Term GenderDiscrimination Prefix risk
Label Gender Discrimination
IRI https://w3id.org/dpv/risk#GenderDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Sexismrisk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination based on a person's gender identity or gender expression
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Geographic Discrimination

Term GeographicDiscrimination Prefix risk
Label Geographic Discrimination
IRI https://w3id.org/dpv/risk#GeographicDiscrimination
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:Discriminationrisk:SocietalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Discrimination based on a person's geographical origin or residence
Date Created 2024-09-30
See More: section RISK-TAXONOMY in RISK

Group Attribution Bias

Term GroupAttributionBias Prefix risk
Label Group Attribution Bias
IRI https://w3id.org/dpv/risk#GroupAttributionBias
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialRisk, risk:PotentialRiskSource
Broader/Parent types risk:CognitiveBiasrisk:Biasrisk:TechnicalRiskConceptdpv:RiskConcept
Object of relation risk:avoids, risk:contains, risk:controls, risk:detects, risk:eliminates, risk:identifies, risk:interrupts, risk:intervenes, risk:investigates, risk:logs, risk:mitigates, risk:modifies, risk:monitors, risk:overrides, risk:recovers, risk:reduces, risk:remedies, risk:resolves, risk:reverses, risk:shares, risk:substitutes, risk:transfers
Definition Bias that occurs when a human assumes that what is true for an individual or object is also true for everyone, or all objects, in that group
Source
Date Created 2024-09-13
Contributors Daniel Doherty, Delaram Golpayegani, Harshvardhan J. Pandit
See More: section RISK-TAXONOMY in RISK

Group Health & Safety

Term GroupHealthSafety Prefix risk
Label Group Health & Safety
IRI https://w3id.org/dpv/risk#GroupHealthSafety
Type rdfs:Class, skos:Concept, dpv:RiskConcept, risk:PotentialConsequence, risk:PotentialImpact, risk:PotentialRisk
Broader/Parent types risk:GroupRiskrisk:SocietalRiskConceptdpv:RiskConcept
Broader/Parent types risk:HealthSafetyrisk:IndividualRiskrisk:SocietalRiskConcept