Security Management & Privacy

The focus area "Security Management & Privacy" covers two important topics that, especially due to the General Data Protection Regulation (GDPR), reach deeply into organizations and into the way security has to be integrated into them.
Security Management

Security Management pursues the goal of effectively and efficiently implementing compliance and security requirements and coordinating information security activities. The main topics researched in this area include risk and emergency management, measurement and evaluation of information security, and approaches to aligning security strategy with corporate strategy. In addition, there is research in the field of situational awareness and providing operational security insight.


The subject area Privacy deals with methods for the protection of personal information. It covers technologies for the protection of privacy as well as the effects of the loss of personal information. Our activities in this area include the analysis of Privacy Enhancing Technologies (PETs) such as anonymization networks, web privacy, and cryptographic protocols. Other areas of activity include the misuse of personal information for social engineering attacks and the usability of existing privacy technologies.

Key Focus Coordinator

  • Lecturer
  • Department of Computer Science and Security

Research Staff

  • Junior Researcher
    Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks
  • Department of Computer Science and Security
  • Junior Researcher Institute of IT Security Research
  • Department of Computer Science and Security
  • Lecturer
  • Deputy Academic Director IT Security (BA)
  • Department of Computer Science and Security
P: +43/2742/313 228 639
P: +43/676/847 228 639
  • Lecturer
  • Department of Computer Science and Security
P: +43/2742/313 228 636
P: +43/676/847 228 636
  • Research Assistant Institute of IT Security Research
  • Department of Computer Science and Security
  • Academic Director Information Security (MA)
  • Deputy Head of Department
  • Department of Computer Science and Security
P: +43/676/847 228 641
  • Research Assistant Institute of IT Security Research
  • Department of Computer Science and Security


Usable Privacy Box (upribox)

The project "usable privacy box" (upribox) develops software and creates a device that protects internet privacy and ensures data security.

KIF – Cryptography for Wireless Communication

Highly secure and durable cryptography for wireless communication integrating radio data. High-frequency data transmission may allow for the traffic of the future.

Privacy and Security in Online Advertisement

PriSAd: the project "Privacy and Security in Online Advertisement" aims at an integral analysis of privacy and security of online advertising networks.


Zamyatin, A., Stifter, N., Judmayer, A., Schindler, P., & Weippl, E. R. (2018). A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice. In 5th Workshop on Bitcoin and Blockchain Research.
Rieger, D., & Tjoa, S. (2018). A Readiness Model for Measuring the Maturity of Cyber Security Incident Management. Presented at the International Conference on Intelligent Networking and Collaborative Systems (INCoS-2018), Springer.
Kieseberg, P., Neuner, S., Schrittwieser, S., & Schmiedecker, M. (2017). Real-time Forensics through Endpoint Visibility. Presented at the International Conference on Digital Forensics & Cyber Crime (ICDF2C).
Kauspadiene, L., Cenys, A., Goranin, N., Tjoa, S., & Ramanauskaite, S. (2017). High-Level Self-Sustaining Information Security Management Framework. Baltic J. Modern Computing, 5, 107–123.
Weippl, E. (2017). Bitcoins, Cryptocurrencies und Smart Contracts. Presented at the 14. Österreichischer IT-Sicherheitstag, Klagenfurt.
Piller, E. (2017). Blockchains: Von den Potentialen der IT-Sicherheit für den Unternehmenserfolg. Presented at the Konferenz Blockchain.
Piller, E. (2017). Sicherheit bei Geschäftsmodellen von Anfang an mitdenken. Presented at the IKT Sicherheitskonferenz des BMLVS, Villach.
Weippl, E. R. (2017). Wie funktioniert eine Blockchain wirklich. Vienna.
Piller, E. (2017). Beschaffung unter Berücksichtigung der IT-Sicherheit. Springer Vieweg Verlag.
Travniček, R., Höllwarth, T., Árpád, G., Haidvogl, G., & Lang-Muhr, C. (2016). Enterprise Mobility - Market, products and technical approaches; relevant organisational and legal aspects. EuroCloud.
Tjoa, A. M., & Tjoa, S. (2016). The Role of ICT to Achieve the UN Sustainable Development Goals (SDG). In ICT for Promoting Human Development and Protecting the Environment (pp. 3–13). Springer.
Haslinger, D., & Lang-Muhr, C. (2016). Business Continuity & Desaster Recovery als Planspiel umgesetzt. In Kompetenzorientiert Lehren und Prüfen. St. Pölten: ikon Verlag.
Österreicher, G., Pötzelsberger, G., & Piller, E. (2016). Moderne Beschaffung mit Berücksichtigung von IT-Security (pp. 214–223). Presented at the D-A-CH Security.
Brandstetter, T. (2015, January). Schlachtfeld Internet – Wenn das Netz zur Waffe wird. Presented at the TV-Beitrag ARD.
Brandstetter, T. (2015, November). Vielgehacktes Österreich vs. Regulatorien: Das neue Cybersicherheitsgesetz. Podiumsdiskussion presented at the IT-SeCX, St. Pölten, Austria.
Reisinger, P. (2015, November). Studie Informationssicherheit in Deutschland, Österreich und der Schweiz 2015. Presented at the IT-SeCX, St. Pölten, Austria.
Haslinger, D., & Fischer, B. (2015, November). Jahresrückblick. Presented at the IT-SeCX, St. Pölten, Austria.
Piller, E. (2015, October). Gezielte Cyberangriffe - der Schutz fängt schon bei der Beschaffung an. Key Note presented at the IT Security Herbst 2015.
Piller, E. (2015, June). Gezielte Cyberangriffe auf Unternehmen. Presented at the Gezielte Cyberangriffe auf Unternehmen - Gefahren und Chancen für Österreichs Wirtschaft.
Piller, E. (2015, September). Herausforderungen der Digitalisierung. Festrede presented at the European Researchers Night.
Koinig, U., Tjoa, S., & Ryoo, J. (2015). Contrology - an ontology-based cloud assurance approach. In IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). Larnaca, Cyprus: IEEE.
Huber, M. (2015). Prozesse und Werkzeuge zur Veröffentlichung von Sicherheitsempfehlungen. In Sicherheit in Cyber-Netzwerken (pp. 91–106). Springer Verlag.
Hellwig, O., Quirchmayr, G., Huber, E., Mischitz, T., & Huber, M. (2015). Towards a CERT-Communication Model as Basis to Software Assurance. In 10th International Conference on Availability, Reliability and Security (ARES).
Tjoa, S., & Rybnicek, M. (2015). Modellierung und Simulation kritischer IKT Infrastrukturen und deren Abhängigkeiten. In Cyber Attack Information System - Erfahrungen und Erkenntnisse aus der IKT-Sicherheitsforschung. Vieweg+Teubner Verlag.
Piller, E. (2015, November). Sachverständigengutachten laut Registrierkassensicherheitsverordnung. Presented at the Hauptverband der Gerichtssachverständigen, Landesverband Wien, NÖ, Burgenland.
Kieseberg, P., Schrittwieser, S., Mulazzani, M., Echizen, I., & Weippl, E. (2014). An algorithm for collusion-resistant anonymization and fingerprinting of sensitive microdata. Special Issue on Security and Privacy in Business Networking.
Rybnicek, M., Tjoa, S., & Poisel, R. (2014). Simulation-based Cyber-Attack Assessment of Critical Infrastructures. In Lecture Notes in Business Information Processing. Thessaloniki, Greece: Springer.
Wöhrer, A., Kaniovskyi, Y., & Kobler, M. (2013). Modding and Cloud Gaming: Business Considerations and Technical Aspects. In International Conference on Internet and Web Applications and Services (ICIW). Rome, Italy.
Schrattenholzer, M., Ruzicka, M., Rybnicek, M., Poisel, R., & Tjoa, S. (2013). Wer spielt gewinnt. In D-A-CH Security. Nuremberg, Germany.
Rybnicek, M., Poisel, R., Ruzicka, M., & Tjoa, S. (2012). A Generic Approach to Critical Infrastructures Modeling and Simulation. In ASE International Conference on Cyber Security. Washington, DC: IEEE.
Piller, E. (2012). Netzbasierte Infrastrukturleistungsmodelle und deren Übertragbarkeit auf IP-Infrastrukturen. In Netzneutralität und Netzbewirtschaftung - Multimedia in Telekommunikationsnetzwerken (pp. 137–147). Nomos Verlag.
Tjoa, S., Jakoubi, S., Goluch, G., Kitzler, G., Goluch, S., & Quirchmayr, G. (2011). A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation. IEEE Transactions on Services Computing, 4(2), 153–166.
Jakoubi, S., Tjoa, S., Goluch, S., & Kitzler, G. (2010). A Formal Approach Towards Risk-Aware Service Level Analysis and Planning. In International Conference on Availability, Reliability, and Security (ARES'10) (pp. 180–187). Krakow, Poland: IEEE Computer Society.
Jakoubi, S., Tjoa, S., Goluch, S., & Kitzler, G. (2010). Risk-Aware Business Process Management - Establishing the Link Between Business and Security. In Complex Intelligent Systems and Their Applications (Vol. 41, pp. 109–135). Springer-Verlag.
Fischer, B. (2010). Ein anonymes Service sicher betreiben mit OnionCat. Hackin9, (3).
Fischer, B. (2010). Ein Anonymes Internet. Hackin9, (2).
Tjoa, S., Jakoubi, S., Goluch, S., & Kitzler, G. (2010). Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach. In International Conference on Availability, Reliability, and Security (ARES'10) (pp. 268–274). Krakow, Poland: IEEE Computer Society.
Jakoubi, S., Neubauer, T., & Tjoa, S. (2009). A roadmap to risk-aware business process management. In IEEE Asia-Pacific Services Computing Conference (IEEE APSCC'09) (pp. 23–27). Biopolis, Singapore: IEEE Computer Society.
Fischer, B. (2009). OnionCat - An anonymous Internet Overlay. In Privacy Enhancing Technologies Convention (pp. 1–8). Dresden, Germany.
Fischer, B. (2008). OnionCat - A Tor-based Anonymous VPN. In 25th Chaos Communication Congress-Nothing to hide (pp. 1–6). Berlin, Germany.