Information Security Risk Management

  • Conference paper
Privacy and Identity Management. Between Data Protection and Security (Privacy and Identity 2021)

Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 644)

Abstract

Behavioural security, technical security and organisational security are inter-related. Approaches to security should therefore consider these three pillars together, not in silos.

This paper summarizes a keynote speech given on this topic at the 16th IFIP Summer School on Privacy and Identity Management.

Notes

  1. https://go.globalknowledge.com/2020salaryreport

  2. https://www.misp-project.org/

  3. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52020PC0767

  4. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0206

  5. https://www.misp-project.org/compliance/gdpr/information_sharing_and_cooperation_gdpr.html

  6. https://www.circl.lu/services/misp-financial-sector/

  7. https://op.europa.eu/en/publication-detail/-/publication/d2912aca-4d75-11e6-89bd-01aa75ed71a1/language-en

  8. https://eur-lex.europa.eu/eli/reg/2016/679/oj

  9. Some cyber-criminal business-cases could only materialize with the help of crypto-currencies.

  10. For instance, company networks opened to the Internet to allow for teleworking during the Covid-19 pandemic, leading to process and technical vulnerabilities.

  11. Stakeholder is defined in the standard ISO/IEC 31000 as “person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity.”

  12. https://www.bmwi.de/Redaktion/EN/Artikel/Industry/ipcei-cis.html

  13. https://digital-strategy.ec.europa.eu/en/policies/strategy-data

  14. http://dataspaces.info/common-european-data-spaces/#page-content

  15. https://attack.mitre.org/

Author information

Correspondence to François Thill.

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Cite this paper

Thill, F. (2022). Information Security Risk Management. In: Friedewald, M., Krenn, S., Schiering, I., Schiffner, S. (eds) Privacy and Identity Management. Between Data Protection and Security. Privacy and Identity 2021. IFIP Advances in Information and Communication Technology, vol 644. Springer, Cham. https://doi.org/10.1007/978-3-030-99100-5_2

  • DOI: https://doi.org/10.1007/978-3-030-99100-5_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-99099-2

  • Online ISBN: 978-3-030-99100-5

  • eBook Packages: Computer Science, Computer Science (R0)
