Jump to content
Symbolfoto: Das AIT ist Österreichs größte außeruniversitäre Forschungseinrichtung
AIT Logo Logo AIT Blog - Austrian Insitute of Technology link to home page Logo AIT Blog - Austrian Insitute of Technology link to home page
You are here:

Homepage  Research Topics  Cyber Security  Projects  GeRiAn

GeRiAn

General government risk analysis method

The aim of a whole-of-government risk analysis is to summarise the results of all sectors at a security policy level. In some sectors, risk analysis is carried out at a strategic level (international terrorism, state failure, etc.); in other sectors, the results are collected and summarised "bottom-up" (disasters, critical infrastructures, etc.). However, it is essential to ensure a standardised assessment system for all areas and methods, i.e. to apply the same categories for the damage assessment and for the probability of risk occurrence.

By using categories, events remain comparable. However, the framework conditions (threshold values, probabilities) must be precisely specified and documented in order to ensure sufficient traceability.

The definition of the individual categories should be consistent, which is probably easy to ensure within a sector, but difficult to implement for different sectors. For example, the probabilities of occurrence in the areas of civil protection and cyber security are very different and the threshold values of the damage indicators in civil protection must be set differently than in cyber security. If quantification appears difficult or only feasible with disproportionately high effort in the sub-areas under consideration, a descriptive description can provide a remedy instead in order to be able to document a sufficiently serious assessment. For a holistic presentation, it is naturally necessary to use the same categories to summarise the results - but to tailor the respective classification to the respective sub-area. Similarly, plausibility is used for the probability of occurrence if the data available is not of sufficient quality. In principle, these categorisations and descriptive descriptions must be developed beforehand in expert workshops in order to give the risks assessed later in their entirety a correspondingly substantial significance.

 

  • Partner: AIT Austrian Institute of Technology GmbH
  • Projektlaufzeit:09/2014-08/2015
  • Förderprogramm: KIRAS Sicherheitsforschung Herbstausschreibung 2014/2015, Studien
Portrait photo of Stefan Schauer

Dr. Stefan Schauer

Senior Scientist