Self Assessed Risk Management (SARM)
ENISA is pleased to announce results from a traineeship in the area of Risk Management / Risk Assessment. The ENISA trainee Joachim Poettinger is about to finalise his master's thesis, which has been carried out in cooperation between the University of Applied Sciences of Hagenberg, Austria and ENISA. In addition to the report, Mr. Poettinger has generated a beta version of a tool for identifying the risk profile of organisations, based on a questionnaire for non-experts and a benchmarking developed by the ENISA ad hoc Working Group on Risk Management (see ENISA Working Group page). Based on their risk profiles, organisations can understand their requirements in risk management and find the available methods that are best suited to their needs.
Background
In the area of Risk Management, significant work has been conducted on Risk Management issues for Small and Medium Enterprises (SMEs). The activities in this field started around 2006 and resulted in an “Information Package for SMEs” with an approach to Risk Management for non-experts. Based on this and other relevant work within ENISA (e.g. mandates of the Working Group on Risk Assessment / Risk Management), numerous additional results have been generated. These concern a benchmarking method for the evaluation of methods/tools in the area of Risk Management. Based on this benchmarking method, in 2008 we elaborated a questionnaire for the identification of the Risk Management requirements of enterprises. The work on this issue is currently in its final stage.
In 2008, ENISA performed a number of pilots in the area of Risk Management with SMEs across Europe. The feedback from these pilots has been published and will be taken into account in future activities in that area (e.g. consolidation with existing ENISA results, adaptation of the Risk Management approach for SMEs, etc.).
The above-mentioned results make up a set of interrelated yet not integrated results. We assigned Mr. Poettinger the task of finding possible ways to integrate them.
Description of Mr. Poettinger's tasks:
- Apply the developed benchmarking to items of the ENISA inventory of methods and tools
- Maintain/enhance the developed tool implementing Risk Management requirements (current implementation by means of an Excel application)
- Integrate the benchmarked inventory items with the developed tool
- Elaborate on models to disseminate the tool (e.g. online availability, online data collection, etc.)
- Generate a prototype for the implementation of the dissemination
ENISA wants to thank Joachim Poettinger for his hard work on these topics and the quality of his deliverables. It is remarkable that a paper on his activities submitted to the German BSI-Forum in May 2009, an important security event in Germany, has been accepted for presentation.
In addition, we would like to thank the University of Applied Sciences Hagenberg, Upper Austria, School of Informatics, Communications and Media, and in particular Professor Dr. Ingrid Schaumueller-Bichl for her support before and during Joachim's traineeship.
The results of his effort can be downloaded from the following URLs: