DocumentCode
3279730
Title
FORISK: Formalizing information security risk and compliance management
Author
Fenz, Stefan ; Neubauer, Thomas ; Accorsi, Rafael ; Koslowski, Thomas
Author_Institution
Vienna Univ. of Technol., Vienna, Austria
fYear
2013
fDate
24-27 June 2013
Firstpage
1
Lastpage
4
Abstract
Regulatory frameworks and economic pressure require decision makers to define mitigation strategies for their operational IT risks. However, recent studies indicate that a lack of IS knowledge at the management level is one reason for inadequate or nonexistent IS risk management strategies, because existing approaches fall short of meeting decision makers' needs. This paper presents the FORISK project, which provides a new approach to support decision makers in interactively defining the optimal set of resilient measures and security controls according to regulations and standards. FORISK addresses three essential, yet unsolved research problems: (i) the formal representation of IS standards and domain knowledge, (ii) reliable risk determination, and (iii) the (semi-)automated definition of countermeasures.
Keywords
information systems; risk management; security of data; FORISK project; IS knowledge; IS risk management strategies; IS standards; compliance management; domain knowledge; economic pressure; information security risk formalization; mitigation strategies; operational IT risks; regulatory frameworks; reliable risk determination; security controls; semiautomated countermeasure definition; Information security; Organizations; Risk management; Standards organizations; compliance management; information security; resilience management; semantic technologies
fLanguage
English
Publisher
ieee
Conference_Titel
Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on
Conference_Location
Budapest
ISSN
2325-6648
Type
conf
DOI
10.1109/DSNW.2013.6615533
Filename
6615533