The Basel Committee has published an accompanying explanatory note to provide a non-technical description of the overall market risk framework, the changes that have been incorporated into in this version of the framework and impact of the framework. The note also sets out a number of worked examples to illustrate the application of the framework's standardised approach.
Our service provided indicated that when they tested Face-to-Face Module they identified a major security risk (hole) and alerted us that Face-to-Face Module was not safe to run/install. We are running Moodle 1.9.11. Could anyone shed some light on this? Is there a fix? This module does exactly what we need and we would like to use it. Thanks!
Identifying individuals with hereditary syndromes allows for improved cancer surveillance, risk reduction, and optimized management. Establishing criteria for assessment allows for the identification of individuals who are carriers of pathogenic genetic variants. The NCCN Guidelines for Genetic/Familial High-Risk Assessment: Colorectal provide recommendations for the assessment and management of patients with high-risk colorectal cancer syndromes. These NCCN Guidelines Insights focus on criteria for the evaluation of Lynch syndrome and considerations for use of multigene testing in the assessment of hereditary colorectal cancer syndromes.
The NCCN Clinical Practice Guidelines in Oncology for Genetic/Familial High-Risk Assessment: Breast and Ovarian provide recommendations for genetic testing and counseling for hereditary cancer syndromes and risk management recommendations for patients who are diagnosed with a syndrome. Guidelines focus on syndromes associated with an increased risk of breast and/or ovarian cancer. The NCCN Genetic/Familial High-Risk Assessment: Breast and Ovarian panel meets at least annually to review comments from reviewers within their institutions, examine relevant new data from publications and abstracts, and reevaluate and update their recommendations. The NCCN Guidelines Insights summarize the panel's discussion and most recent recommendations regarding risk management for carriers of moderately penetrant genetic mutations associated with breast and/or ovarian cancer.
Data and Methodology Changes
Website Changes
Learn about the risk equation supporting the Risk Index
Understanding Scores and Ratings
For comprehensive details about the current methodology, see the National Risk Index Technical Documentation.
For comprehensive details about the changes in methodologies and data sources from each version, see theNational Risk Index Data Version and Update Documentation.
This risk assessment form is a tool to guide an analysis of the security, health and safety, legal, financial and reputational risks to organizations when considering organizing, participating, facilitating or endorsing a specific act of civil disobedience. It includes a framework for a risk and impact assessment.
In collaboration with the private and public sectors, NIST has developed a framework to better manage risks to individuals, organizations, and society associated with artificial intelligence (AI). The NIST AI Risk Management Framework (AI RMF) is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.
Released on January 26, 2023, the Framework was developed through a consensus-driven, open, transparent, and collaborative process that included a Request for Information, several draft versions for public comments, multiple workshops, and other opportunities to provide input. It is intended to build on, align with, and support AI risk management efforts by others.
There will always be risk with any architecture/business transformation effort. It is important to identify, classify, andmitigate these risks before starting so that they can be tracked throughout the transformation effort.
Mitigation is an ongoing effort and often the risk triggers may be outside the scope of the transformation planners (e.g.,merger, acquisition) so planners must monitor the transformation context constantly.
It is also important to note that the Enterprise Architect may identify the risks and mitigate certain ones, but it is withinthe governance framework that risks have to be first accepted and then managed.
Risk is pervasive in any Enterprise Architecture activity and is present in all phases within the Architecture DevelopmentMethod (ADM). From a management perspective, it is useful to classify the risks so that the mitigation of the risks can be executedas expeditiously as possible.
One common way for risks to be classified is with respect to impact on the organization (as discussed in 27.4 Initial Risk Assessment), whereby risks with certain impacts have to be addressed by certain levels ofgovernance.
Risks are normally classified as time (schedule), cost (budget), and scope but they could also include client transformationrelationship risks, contractual risks, technological risks, scope and complexity risks, environmental (corporate) risks, personnelrisks, and client acceptance risks.
Another way of delegating risk management is to further classify risks by architecture domains. Classifying risks as business,information, applications, and technology is useful but there may be organizationally-specific ways of expressing risk that thecorporate Enterprise Architecture directorate should adopt or extend rather than modify.
The use of Capability Maturity Models (CMMs) is suitable for specific factors associated with architecture delivery to firstidentify baseline and target states and then identify the actions required to move to the target state. The implications ofnot achieving the target state can result in the discovery of risks. Refer to 26. BusinessTransformation Readiness Assessment for specific details.
Normally these methodologies involve procedures for contingency planning, tracking and evaluating levels of risk, reacting tochanging risk level factors, as well as processes for documenting, reporting, and communicating risks to stakeholders.
The next step is to classify risks with respect to effect and frequency in accordance with scales used within the organization.Combine effect and frequency to come up with a preliminary risk assessment.
There are no hard and fast rules with respect to measuring effect and frequency. The following guidelines are based uponexisting risk management best practices. Effect could be assessed using the following example criteria:
Combining the two factors to infer impact would be conducted using a heuristically-based but consistent classification schemefor the risks. A potential scheme to assess corporate impact could be as follows:
The mitigation effort could be a simple monitoring and/or acceptance of the risk to a full-blown contingency plan calling forcomplete redundancy in a Business Continuity Plan (with all of the associated scope, cost, and time implications).
Once the mitigation effort has been identified for each one of the risks, re-assess the effect and frequency and thenrecalculate the impacts and see whether the mitigation effort has really made an acceptable difference. The mitigation efforts willoften be resource-intensive and a major outlay for little or no residual risk should be challenged.
Once the initial risk is mitigated, then the risk that remains is called the "residual risk". The key consideration is that themitigating effort actually reduces the corporate impact and does not just move the risk to another similarly high quadrant. Forexample, changing the risk from frequent/catastrophic to frequent/critical still delivers an Extremely high risk. If this occurs,then the mitigation effort has to be re-considered.
Risk management is an integral part of Enterprise Architecture. Practitioners are encouraged to use their corporate riskmanagement methodology or extend it using the guidance in this chapter. In the absence of a formal corporate methodology,architects can use the guidance in this chapter as a best practice.
return to top of page