The project aims to develop a risk management framework for the SMEs affected by the NIS Directive. The goal of this framework is to meet both the requirements of the NIS Directive and the results of the current national legislative process. Therefore, a guideline is derived from recognized standards and best practices from the fields of risk management, information security and cybersecurity management. In particular, the risk management framework focusses on modularity, practice orientation and cost-efficiency, as well as individual applicability both for the authorities as well as for SMEs from different areas. Additionally, the project aims to formulate the risk management framework in such a way that a resource-efficient monitoring and audit can be carried out by the "NIS authority", which will be installed in the future.

• Partner:AIT Austrian Institute of Technology GmbH (Koordinator), Energieinstitut an der Johannes Kepler Universität Linz, BKA Österreich, BMI, Bundesministerium für Landesverteidigung
• Projektlaufzeit: 09/2017-06/2019
• Förderprogramm: KIRAS Sicherheitsforschung – Ausschreibung 2016/17, Schutz kritischer Infrastrukturen