Home Conference in Cooperation with Home

ARES 2006

The First International Conference on Availability, Reliability and Security

The International Dependability Conference - Bridging Theory and Practice
April 20th - April 22nd 2006, Vienna University of Technology, Austria

Workshop: ISRM - Information Security Risk Management

Workshop: ISRM - Information Security Risk Management

Overview

Risk Management and Risk Assessment are the core processes for the establishment of security, both at operational and technical level:

  • Risk Management is the process of weighting policy alternatives by selecting appropriate prevention and control options. This definition holds true for variety of Risk Management solution, e.g. in the areas of corporate governance, information technology, critical infrastructure protection, environment, project management, etc.
  • Risk Assessment stands for the central process aiming at the technical and scientific identification, classification and mitigation of IT risks via the deployment of measures for the protection of IT-assets at risks (i.e. the .valuable assets of an organization). Various security standards and methodologies available, introduce such processes to cope with the quantification of the risk potential to which assets are exposed. At the same time, through the use of measurements and controls (also referred to as security measurements and security controls) these standards provide the tools for the establishment of the required assets protection. As Risk Assessment standards and methodologies are at a different level of abstraction, their use is subject to individual adaptations.
  • Apart from being fundamental for establishing and maintaining Information Security, Risk Management and Risk Assessment are essential elements of awareness raising. The risk posture of end users is prime success criterion of any campaign in the area of Information Security.

    Within this Workshop we focus on all aspects of Risk Management and Risk Assessment in the area of Information Security. Additional aspects from areas of operations, process modeling and process integration will also be addressed.

    Focus of the Workshop

    The aim of this workshop is to raise contributions in existing and emerging areas of Risk Management and Risk Assessment both from industry and academia. Areas of interest include, but are not limited to:

  • Methods for the quantification of risks
  • Interoperability of Risk Management and Risk Assessment methods
  • Management issues/activities within Risk Management
  • Integration of Risk Management and Risk Assessment with other operational processes
  • Identification of emerging risks
  • Method adaptations and best practices in Risk Management and Risk Assessment and their application
  • Technical issues in Risk Management
  • Legal requirements and Risk Management
  • Awareness raising and Risk Management, Risk Assessment
  • Novell methods and tools for Risk Management and Risk Assessment
  • Sector standards in Risk Management and Risk Assessment
  • Papers ranging from best practices to actual research results in Risk Management/Risk Assessment will be welcome. Particular attention will be paid to contributions related to Small and Medium Enterprises (SMEs) as well as to emerging research coping with scientific work in this area.

    Important dates

    Submission of papers: 6 January 2006 - Extension: 18 January 2006
    Notification of acceptance: 20 January 2006
    Camera ready copies: 10 February 2006

    Workshop Chairs:

    Professor Dr. D. Karagiannis, University of Vienna, Austria

    Dr. L. Marinos, ENISA, Greece

    Programme Committee

    M. Dietrich, BSG Unternehmensberatung, Switzerland

    M. Hoevers, ECP-NL, Platform voor eNetherland, The Netherland

    K. Kalmelid, Swedish Emergency Management Agency, Sweden

    S. Lebel, Dir. Centrale de la Sécurité des Systèmes d'information, France

    Prof. Dr. G. Müller, Telematik, Univ. of Feiburg, Germany

    M. Rohde, European Commission, DG Information Society and Media, Belgium

    Dr. I. Schaumüller-Bichl, IT Security Consultant, Austria