Annex: Link to the survey

Information security and operational risk.

How do companies face and manage risks currently? Do their diverse risk management functions still work in silos? Where does information security fit in this risk management puzzle? Among others, these questions are the triggers for an academic information security study that I am carrying out.

The study investigates how the link of information security with operational risk management brings benefits to any organisation. The financial sector is a clear example for this, where strong regulatory drivers push for an integrated enterprise risk management.

A key quantitative data collection tool for this study is an anonymous survey available at http://securityandrisk.aedranet.com .

The survey requires only some minutes. Before the end of 2006, all participants providing an e-mail address will receive an executive summary with the main results of the study. No link will exist between the given email address and the answers.