This area addresses organizational IT security research problems. In the area of GRC we have bundled issues related to risk management, compliance, and user awareness for SMEs. We have already achieved significant results in these fields in the past, and believe it should be further explored in the years to come. For instance, our security ontology needs to include additional standards and mapping rules between them to allow semiautomatic reasoning about different adoption strategies.
