DocumentCode :
3279730
Title :
FORISK: Formalizing information security risk and compliance management
Author :
Fenz, Stefan ; Neubauer, Thomas ; Accorsi, Rafael ; Koslowski, Thomas
Author_Institution :
Vienna Univ. of Technol., Vienna, Austria
fYear :
2013
fDate :
24-27 June 2013
Firstpage :
1
Lastpage :
4
Abstract :
Regulatory frameworks and economic pressure require decision makers to define mitigation strategies for their operational IT risks. However, recent studies indicate that the lack of information security (IS) knowledge at the management level is one reason for inadequate or nonexistent IS risk management strategies, because existing approaches fall short of meeting decision makers' needs. This paper presents the FORISK project, which provides a new approach to support decision makers in interactively defining the optimal set of resilience measures and security controls according to regulations and standards. FORISK addresses three essential, yet unsolved research problems: (i) the formal representation of IS standards and domain knowledge, (ii) reliable risk determination, and (iii) (semi-)automated countermeasure definition.
Keywords :
information systems; risk management; security of data; FORISK project; IS knowledge; IS risk management strategies; IS standards; compliance management; domain knowledge; economic pressure; information security risk formalization; mitigation strategies; operational IT risks; regulatory frameworks; reliable risk determination; security controls; semiautomated countermeasure definition; Information security; Organizations; Risk management; Standards organizations; compliance management; information security; resilience management; semantic technologies;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Dependable Systems and Networks Workshop (DSN-W), 2013 43rd Annual IEEE/IFIP Conference on
Conference_Location :
Budapest
ISSN :
2325-6648
Type :
conf
DOI :
10.1109/DSNW.2013.6615533
Filename :
6615533