Information security risks are transboundary, systemic, and complex in nature, and therefore pose a significant challenge for risk managers. In a nutshell, risk management is the ongoing process of identifying, assessing, evaluating, and responding to risk. In practice, risk management requires constant decision-making about cost-benefit tradeoffs of security measures and a balancing of priorities.
At DSI, we research new and emerging information security risks and their impact on organizations and societies more broadly. We examine how to effectively and efficiently assess and manage information security risks at the individual, organizational, and societal levels.
Our team works on:
- Methods, tools, and processes for assessing and managing information security risks
- Models to map uncertainty in risk assessment and volatility of complex ICT infrastructures
- Management of pervasive information security risks in the Internet of Things
- Multi-level risk governance processes in the fields of information security and data protection