SBA2 has four main areas of research: (1) Governance, Risk and Compliance, (2) Data Security and Privacy, (3) Secure Coding and Code Analysis and (4) Hardware and Network Security. Most of our projects operate interdependently within these four areas. Our research program is designed as an integral approach to cover all important levels of IT security: the organizational layer (including the human factor), the business process layer, the logical layer, and the network- and infrastructure layer. In brief, our overall goal is to expand the successful work of the center in crucial fields of research and to continuously develop more secure and robust IT systems. We strive to establish security as an enabling factor in Austria’s IT-driven businesses and preventively protect them against cyber-criminal attacks. The rationale for our research is (1) to protect information assets and (2) to enable new services.