KASTEL - Competence Center for Applied Security Technology
- contact:
- project group:
- funding:
- partner:
  Institute of Applied Informatics and Formal Description Methods (KIT),
  Institute for Anthropomatics and Robotics (KIT),
  Institute for Automation and Applied Informatics (KIT),
  Institute for Program Structures and Data Organisation (KIT),
  Institute of Theoretical Informatics (KIT),
  Institute of Telematics (KIT),
  Research Center for Information Technology (KIT),
  Center for Applied Law (KIT),
  Institute of Public Law (Goethe-Universität Frankfurt a.M.)
- start: 05/2018
- end: 04/2022
Project description
Project background
Project objectives of IIP in KASTEL
Within the framework of KASTEL, the IIP deals with economic risk management. Risk management in general comprises the systematic analysis of an organisation's internal risks and the development of measures that reduce those risks, with the aim of protecting the organisation in the long term. Handling and controlling IT risks requires not only that organisations have the necessary technologies and processes in place, but also that these are economically sensible and feasible. Economically oriented risk management is therefore becoming increasingly important: industrial value chains are ever more tightly linked through information technology, and the effort required to protect these structures against attacks and technical faults grows accordingly. Economic risk management covers not only the cost-effectiveness of IT risk management itself, but also the economic consequences of IT system failures (e.g. business interruption). With a view to developing scalable and quantifiable security concepts, both material and immaterial consequences can be considered in the risk assessment. An economic risk analysis also takes into account the behaviour of the actors involved and the opportunity costs of risk-reducing measures, and thus the conflicting objectives inherent in security investments. From this, the following project objectives of IIP in KASTEL are derived:
- Categorisation of attacker profiles and identification of attack strategies, to enable targeted defence against external attackers (external offenders)
- Identification of internal system attackers (internal offenders), and analysis and design of internal organisational incentives for risk reduction
- Description of the requirements for an internal security culture that reduces "negligence and human error" as sources of risk
- Assessment of direct and indirect material and immaterial damage