Michael Brunner

University of Innsbruck | UIBK · Department of Computer Science

Companies often have to comply with more than one security standard and refine parts of security standards to apply to their domain and specific security goals. To understand which requirements different security standards stipulate, a systematic overview or mapping of the relevant natural language security standards is necessary. Creating such sta...

Information security management aims at ensuring proper protection of information values and information processing systems (i.e. assets). Information security risk management techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. This paper investigates the current...

Information security management aims at ensuring proper protection of information values and information processing systems (i.e. assets). Information security risk management techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. This paper investigates the current...

QE LaB Business Services integrated features focusing on requirements engineering offered by OpenReq, an EU Horizon 2020 project, into an existing commercial software for the management of security requirements. The microservices were integrated as part of a dedicated Open Call project where participants from industry were asked to integrate novel...

Information Security Management Systems (ISMS) aim at ensuring proper protection of information values and information processing systems (i.e., assets). Information Security Risk Management (ISRM) techniques are incorporated in ISMSs to deal with threats and vulnerabilities that impose risks to information security properties of these assets. The...

As the IT landscape of organizations increasingly needs to comply with various laws and regulations, organizations manage a plethora of security-related data and have to verify the adequacy and effectiveness of their security controls through internal and external audits. Existing Governance, Risk and Compliance (GRC) approaches provide little supp...

Tighter regulatory demands and higher customer expectations regarding the protection of information force enterprises to systematically ensure confidentiality, integrity and availability of stored information and processing facilities. Information Security Management Systems (ISMSs) are used to address these challenges. Recent studies show that the...

With various advances in technology, cars evolved to highly interconnected and complex Cyber-Physical Systems. Due to this development, the security of involved components and systems needs to be addressed in a rigorous way. The resulting necessity of combining safety and security aspects during the development processes has proven to be non-trivia...

Increasing interest in cyber-physical systems with integrated computational and physical capabilities that can interact with humans can be identified in research and practice. Since these systems can be classified as safety- and security-critical systems the need for safety and security assurance and certification will grow. Moreover, these systems...

Establishing and operating an Information Security Management System (ISMS) to protect information values and information systems is in itself a challenge for larger enterprises and small and medium sized businesses alike. A high level of automation is required to reduce operational efforts to an acceptable level when implementing an ISMS. In this...

Information Security Management Systems (ISMS) aim at ensuring proper protection of information values and information processing systems (i.e. assets). Information Security Risk Management (ISRM) techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets. Considering th...

Zusammenfassung Die heute übliche vernetzte Struktur von Softwareprodukten und komplexe Kunden-Anbieter-Szenarien machen eine tiefgehende Beschäftigung mit dem Thema Security im Produktkontext unumgänglich. Ausgehend von der Frage, was Sicherheitseigenschaften von anderen Anforderungen unterscheidet, stellen wir in unserem Beitrag kurz die Methoden...

The increasing need for service organizations to ensure compliance with various laws and regulations as well as different internal and external policies and security standards requires businesses to ensure a high level of standardization of their internal and external security processes in order to achieve efficiency and to avoid costs. As a direct...

In diesem Beitrag stellen wir ein Framework und dessen prototypische Umsetzung zur kontextuellen Verwaltung von Sicherheitsanforderungen in Unternehmen vor. Unser Ansatz verbindet Sicherheitsanforderungen mit Unternehmensmodellen und vereinfacht durch automatische Workflows die Einhaltung komplexer Rahmenbedingungen in sich stetig weiter entwickeln...

Organizations increasingly adopt or consider adopting external services hoping for higher flexibility and reduced costs. However, currently existing deficiencies of processes and tools force service consumers to renounce from the expected advantages and to trade off profitability against security. These security and compliance concerns are predomin...