Workshop: ISRM - Information Security Risk Management
Risk Management and Risk Assessment are the core processes for the establishment of security, at both the operational and the technical level:
Risk Management is the process of weighing policy alternatives by selecting appropriate prevention and control options. This definition holds true for a variety of Risk Management solutions, e.g. in the areas of corporate governance, information technology, critical infrastructure protection, environment, project management, etc.
Risk Assessment stands for the central process aiming at the technical and scientific identification, classification and mitigation of IT risks via the deployment of measures for the protection of IT assets at risk (i.e. the valuable assets of an organization). The various security standards and methodologies available introduce such processes to cope with the quantification of the risk potential to which assets are exposed. At the same time, through the use of measurements and controls (also referred to as security measurements and security controls), these standards provide the tools for the establishment of the required asset protection. As Risk Assessment standards and methodologies are at different levels of abstraction, their use is subject to individual adaptations.
Apart from being fundamental for establishing and maintaining Information Security, Risk Management and Risk Assessment are essential elements of awareness raising. The risk posture of end users is a prime success criterion of any campaign in the area of Information Security.
Within this Workshop we focus on all aspects of Risk Management and Risk Assessment in the area of Information Security. Additional aspects from areas of operations, process modeling and process integration will also be addressed.
Focus of the Workshop
The aim of this workshop is to raise contributions in existing and emerging areas of Risk Management and Risk Assessment both from industry and academia. Areas of interest include, but are not limited to:
Methods for the quantification of risks
Interoperability of Risk Management and Risk Assessment methods
Management issues/activities within Risk Management
Integration of Risk Management and Risk Assessment with other operational processes
Identification of emerging risks
Method adaptations and best practices in Risk Management and Risk Assessment and their application
Technical issues in Risk Management
Legal requirements and Risk Management
Awareness raising and Risk Management, Risk Assessment
Novel methods and tools for Risk Management and Risk Assessment
Sector standards in Risk Management and Risk Assessment
Papers ranging from best practices to actual research results in Risk Management/Risk Assessment are welcome. Particular attention will be paid to contributions related to Small and Medium Enterprises (SMEs), as well as to emerging research coping with scientific work in this area.
Submission of papers: 6 January 2006 - Extension: 18 January 2006
Notification of acceptance: 20 January 2006
Camera ready copies: 10 February 2006
Professor Dr. D. Karagiannis, University of Vienna, Austria
Dr. L. Marinos, ENISA, Greece
M. Dietrich, BSG Unternehmensberatung, Switzerland
M. Hoevers, ECP-NL, Platform voor eNetherland, The Netherlands
K. Kalmelid, Swedish Emergency Management Agency, Sweden
S. Lebel, Dir. Centrale de la Sécurité des Systèmes d'information, France
Prof. Dr. G. Müller, Telematik, Univ. of Freiburg, Germany
M. Rohde, European Commission, DG Information Society and Media, Belgium
Dr. I. Schaumüller-Bichl, IT Security Consultant, Austria