Abstract
This thesis explores the legal considerations involved in implementing a Security Information and Event Management (SIEM) system. The motivation stems from the
growing need to protect IT infrastructures against cyber threats while simultaneously
ensuring compliance with labor laws and safeguarding employee rights. The primary
focus is on the legal requirements under labor law and the conflicts that arise between
asset protection and employee rights, particularly in relation to labor law, personal
rights, and data protection regulations.
The aim of this thesis is to examine which legal provisions must be taken into account when implementing SIEM systems and how these conflicting interests can be
balanced. A technical section provides an overview of SIEM systems, including their
purpose, functionality, and the types of data they process.
Subsequently, a structured introduction to the Austrian and European legal framework is offered, aimed at non-lawyers, explaining the interconnections between European and Austrian law and outlining fundamental legal principles. It furthermore presents the relevant legal provisions and discusses their key aspects in detail. Additionally,
the legal requirements for the use of SIEM systems are analyzed, referencing court rulings and addressing the research questions.
Finally, the findings are synthesized and compared with practical applications based
on expert interviews. The thesis answers the research question, differentiates between
specifically regulated organizations, and proposes a framework for a company agreement governing SIEM system implementation.
| Date of Award | 2025 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Peter Burgstaller (Supervisor) |
Study program
- Information Security Management