Research Field Secure Societies

The research field of Secure Societies focuses on the security of organizations and their interfaces to individuals and society. The activities of organizations are influenced by a variety of challenges. In addition to the competition and the specific opportunities and risks, organizations also face an uncertain world (terrorism, pandemics, energy shortages, climate change, organized crime and political crises). These influences are reinforced by the advancing globalization. In the field of Secure Societies, trans-disciplinary and interdisciplinary research focuses on:

  • Risk Management
  • Integrated Security and Resilience Management
  • Internal Audit
  • Cybersecurity and Economic Security
  • Complexity
  • Security Management 

Research Focus

Risk Management

The discipline of Risk Management has made fundamental developments in recent decades. A variety of standards, norms and models have significantly contributed to increased professionalisation and led to the establishment of generally accepted procedures for dealing with risks in organizations. The research field of Risk Management is dedicated to the practical application of risk management in organizations of all kinds, be they corporations, NPOs or government organizations. The focus is on challenges such as barriers, obstacles and/or drivers the organizations must face in the practical application and execution of risk management, as well as solutions that enable the different types of organizations to carry out a goal-oriented risk management in keeping with standards, norms or accepted models. 

The aim of the Risk Management research field is to examine the organizational challenges and practical solutions in the implementation and application of modern risk management standards/norms/models in organizations. The research places special emphasis on the following points:

  • Restrictive resources (both financial and in terms of personnel),
  • Determining organizational structure,
  • Influencing culture (on an organizational and individual level) 
  • Impact of society

Integrated Security & Resilience Managment

Security Management enables organizations and managers to handle intentional risks, to improve the achievement of business goals, to ensure operational activities, to meet the requirements of laws and standards and to enhance the security of people, the environment and systems. However, the understanding of security and resilience management differs widely and takes on many different forms from organization to organization. While some organizations understand security as protecting information or data, other organizations understand it as managing risks in terms of physical security. With standardization, tendencies to interlink the domains of information security, physical security and business continuity can now be observed. The research field of Integrated Security and Resilience Management applies a holistic and integral approach to examing the processes and methodologies in these areas.

The aim of the research field is to highlight the topic of Security & Resilience Management with reference to analysis and implementation methods. The following aspects should be explored:

  • Methods of security risk assessments in the individual domains, with the aim of developing a holistic approach 
  • Investigation of the security goals of the individual domains, with the aim of developing a generic security architecture (or a generic control universe)
  • Development of an integrated maturity model, with the aim of controlling the development of the Security and Resilience Management System in an organization
  • Investigation of the possible stakeholders, interfaces and influencing factors in the context of implementation and operation, with the aim of enabling the implementation of an integrated Security & Resilience Management System

Internal Audit

Internal audit is a corporate function that provides independent and objective audit and advisory services. It supports managers and management in achieving their business goals by systematically and purposefully assessing and improving the existence and functionality of internal controls, risk management and governance. In order for internal audit to achieve its goals, both the organization of the function of the internal audit and the optimal interaction of the governance-risk-compliance functions within the company are of crucial importance. The position of internal auditing in the company and its desired effects are therefore of central importance. In addition, social and technological change is constantly presenting internal audit with new challenges. 

  • “State-of-the-Art” alignment of the organization and the internal audit processes to achieve their goals
  • Development of assessment concepts to increase the functionality of internal control systems
  • Presentation of the effects of digitization on the assessment processes
  • Development of a modern requirement profile for internal auditors
  • Empowerment as a tool for personnel management and development in the internal audit
  • Explanation of the importance of quality for the work of the internal audit
  • Role of the internal audit in an integrated corporate governance

Cybersecurity and Economic Security

The subject of cybersecurity has long since changed from a purely technical topic to a politically and economically relevant challenge. Espionage against countries as well as companies, sabotage and even terrorist or warlike attacks are increasingly taking place over the internet and require not only technical but also political, economic and social answers. The focus extends beyond Austria and the German-speaking world by comparing international concepts and identifying “best practices”. Nevertheless, attacks that do not use information technology are still the order of the day. These attacks are therefore considered as equally important in the research field. In the research field of Cybersecurity and Economic Security, the focus is on economic-political considerations.  One example of intensive successful research in this segment is the co-authorship of the work “Wirtschaftsgrundschutz” issued by the German Federal Office for the Protection of the Constitution and the German Federal Office for Security (BfV) in Information Technology (BSI). 

  • Development of approaches to increase the resilience of the state, economy and society against cyber attacks
  • Development of concepts for the joint protection of cyberspace by the state and industry
  • Determination of the appropriate regulatory framework and scope
  • Development of measures to protect against espionage and sabotage

Complexity

When managers make mistakes, the stakes are high. It is not just since the financial and economic crisis that voices have been increasingly demanding that managers be better prepared and supported in performing their tasks through education, research and teaching. While in the early 20th century the so-called scientific management such as Fordism and Taylorism promised to support management practices with research, around 100 years later, many researchers are now raising the question of how far this approach still holds in the face of an increasingly complex world. “Complexity” seems to be one of the central buzz words of recent years. Over four million claims can be found in the internet that we are dealing with increasing complexity in various areas of our lives. The total number of hits has repeatedly multiplied in recent years. Despite the central importance of the concept of complexity, a definition, even in scientific papers, often remains nebulous or is not even offered. Yet for many years now, well-founded works in the field of theories of complex systems have been available. 

Concrete research on whether we actually live in a more complex world is rare. Thus, there is generally no empirical research on complexity.

  • How is complexity experienced? How does the experience of complexity affect management?
  • Has the complexity of certain management areas really changed? Has it grown faster in certain industries than in others?
  • How does a goal-oriented management of complex systems succeed?

Security Management

The subject explored in the research field of Security Management is security in networks, organisms, and organizations, in other words in complex systems. General network properties of complex systems are used to investigate which properties of complex networks determine the security, resistance, and survivability of a system and how organizations (e.g. the organizing committee of an international mega-event) can profit from this.

Research topics include structural, procedural, and organizational characteristics of biological, social, technological and other networks, and topics that arise from the management of the security of complex organizations, such as: Threat Intelligence, Law & Economics, Politics & Diplomacy and Technology & Innovation.


Team

> FH-Prof. DI Dr. Martin Langer

Head of Integrated Safety and Security, Head of Integrated Riskmanagement, Head of Risk Management and Corporate Security


Degree programs

Integrated Risk Management

Master, part-time

more

Integrated Safety and Security Management

Bachelor, part-time

more