ICT Call 2012 / ICT12-019
Stefan Fenz
Principal Investigator:
Stefan Fenz Personal webpage
Vienna University of Technology Webpage
Formalizing Information Security Risk and Compliance Management Project Webpage
Weitere ProjektpartnerInnen:
Günter Müller (Albert-Ludwigs-Universität Freiburg)
Abgeschlossen (01.01.2013 – 31.03.2016) 39 Monate
€ 490.000


Since the vast majority of business decisions is based on data, reliable information technology is a prerequisite for business continuity and, therefore, crucial for the entire economy. Legal and regulative frameworks demand decision makers to define mitigation strategies for their operational IT risks, but existing approaches fall short of meeting their needs. Recent studies have shown that the lack of IS knowledge at the management level is one reason for inadequate or nonexistent IS risk management strategies. This project pursues to close this essential research gap by providing a new approach to support decision makers in interactively defining the optimal set of security controls according to common regulations and standards. The proposed project addresses three essential yet unsolved research problems, namely (i) the formal representation of IS standards and domain knowledge, (ii) the reliable determination of the risk, (iii) and the (semi-) automatic countermeasure definition.


Diese Seite verwendet Cookies. Durch das Nutzen dieser Seite sind Sie mit der Verwendung von Cookies einverstanden. Details finden Sie hier.