ICT Call 2012ICT12-019

Formalizing Information Security Risk and Compliance Management


Formalizing Information Security Risk and Compliance Management
Principal Investigator:
Status:
Completed (01.01.2013 – 31.03.2016)
Funding volume:
€ 490,000

 
Abstract:

Since the vast majority of business decisions is based on data, reliable information technology is a prerequisite for business continuity and, therefore, crucial for the entire economy. Legal and regulative frameworks demand decision makers to define mitigation strategies for their operational IT risks, but existing approaches fall short of meeting their needs. Recent studies have shown that the lack of IS knowledge at the management level is one reason for inadequate or nonexistent IS risk management strategies. This project pursues to close this essential research gap by providing a new approach to support decision makers in interactively defining the optimal set of security controls according to common regulations and standards. The proposed project addresses three essential yet unsolved research problems, namely (i) the formal representation of IS standards and domain knowledge, (ii) the reliable determination of the risk, (iii) and the (semi-) automatic countermeasure definition.

 

We use cookies on our website. Some of them are technically necessary, while others help us to improve this website or provide additional functionalities. Further information