Abstract
This master’s thesis discusses the topic of risk management concerning information security and data protection within a federal agency, using the Federal Chancellery as
an example. First, the security objectives of information security and data protection,
as defined by relevant legal requirements, are outlined. Subsequently, the respective
requirements for risk management are derived from the same sources, with a focus on
their applicability within a federal agency. The possible implementation methods are
explained based on relevant standards for achieving security objectives.
To ensure a high level of protection in information security and the application of
modern procedures, it is necessary to comply with the state of the art. Therefore, this
thesis first defines the state of the art and aligns it with relevant, scientifically recognized standards for the respective application areas and security objectives. Finally, the
implementation of information security and risk management in the Federal Chancellery
is examined. Based on this analysis, recommendations for improving risk management
and information security are derived. The objective of this thesis is thus to enhance
the technical and organizational measures related to these aspects within the Federal
Chancellery.
| Date of Award | 2025 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Peter Burgstaller (Supervisor) |
Study program
- Information Security Management