ICT Call 2012ICT12-019

Formalizing Information Security Risk and Compliance Management

Formalizing Information Security Risk and Compliance Management
Principal Investigator:
Abgeschlossen (01.01.2013 – 31.03.2016)
€ 490.000

Since the vast majority of business decisions is based on data, reliable information technology is a prerequisite for business continuity and, therefore, crucial for the entire economy. Legal and regulative frameworks demand decision makers to define mitigation strategies for their operational IT risks, but existing approaches fall short of meeting their needs. Recent studies have shown that the lack of IS knowledge at the management level is one reason for inadequate or nonexistent IS risk management strategies. This project pursues to close this essential research gap by providing a new approach to support decision makers in interactively defining the optimal set of security controls according to common regulations and standards. The proposed project addresses three essential yet unsolved research problems, namely (i) the formal representation of IS standards and domain knowledge, (ii) the reliable determination of the risk, (iii) and the (semi-) automatic countermeasure definition.


Wir nutzen Cookies auf unserer Website. Einige von ihnen sind technisch notwendig, während andere uns helfen, diese Website zu verbessern oder zusätzliche Funktionalitäten zur Verfügung zu stellen. Weitere Informationen