In order to maximize the benefits of digitalization, we need to manage information security risks—whether as an individual, an organization, or society as a whole. The secure and reliable functioning of IT is the foundation of digitalization.
Information security risks are transboundary, systemic, and complex in nature, and therefore pose a significant challenge for risk managers. At DSI, we research how to effectively and efficiently assess and manage information security risks at the individual, organizational, and societal levels.
In a nutshell, risk management is the ongoing process of identifying, assessing, evaluating, and responding to risk. In practice, risk management requires constant decision-making about cost-benefit tradeoffs of security measures and a balancing of priorities.
An integral factor of risk is uncertainty. In most cases, it is not possible to predict either the probability of a risk occurring or its potential impact on an organization and the larger environment. Moreover, the asset that can be exploited, the threat and threat actor, or the vulnerability itself can all remain unknown.
A particular focus of our research at DSI is to understand new and emerging information security risks and their impact on organizations and societies more broadly.
Our team at DSI works on:
- Methods, tools, and processes for assessing and managing information security risks
- Models to map uncertainty in risk assessment and volatility of complex ICT infrastructures
- Management of pervasive information security risks in the internet of things
- Multi-level risk governance processes in the fields of information security and data protection