Abstract
In this master's thesis, an interface between the standards ISO 31000:2018 and ISO/IEC 27005:2022 is developed to bridge Enterprise Risk Management (ERM) and Information Security Risk Management (ISRM). The aim is to create an integrated and harmonized risk management strategy. Organizations face the challenge of managing a multitude of threats that affect their business processes and IT systems [3]. ERM and ISRM are the central disciplines for addressing these threats; however, differences in perspective and methodology lead to misunderstandings and communication problems [1]. The lack of a unified interface between the standards ISO 31000:2018 and ISO/IEC 27005:2022 complicates collaboration and increases resource expenditure [2]. The thesis aims to develop an integrative risk management framework that considers the requirements of both standards. Through interviews with experts and subsequent qualitative content analysis, existing interface problems are identified and solutions are developed. The study shows that an effective interface between ERM and ISRM requires harmonized context establishment, unified risk criteria, and coordinated risk assessment and treatment. The results of the thesis can serve as a basis for further development and implementation in practice to increase the efficiency of risk management in organizations. The thesis provides insights and implications for the implementation of integrated risk management in practice. The study examines the different methodological approaches of the two standards and demonstrates how a harmonized interface can leverage synergies to optimize risk communication and management. The proposed interface not only promotes the efficiency and effectiveness of risk management but also contributes to a common risk culture that strengthens the resilience of the entire organization. In the long term, the integration of the two standards supports the strategic alignment and sustainable development of organizations by establishing a coherent risk management system that addresses both enterprise-wide and information security-related risks.
| Field | Value |
|---|---|
| Date of Award | 2024 |
| Original language | German (Austria) |
| Supervisor | Eckehard Hermann (Supervisor) |