Abstract— The ability to prevent risks as well as to appropriately counteract occurring threats has increasingly become a crucial success factor. Traditional business process management provides concepts for the economical optimization of processes, while risk management focuses on the design of robust business processes. While aiming at the same goal, namely the improvement of business, the approaches how to reach this vary, due to a different understanding of improvement. Following this, optimizing recommendations of business process management and risk management may be contradictory. Therefore, we proposed a unified method, integrating both points of views to enable risk-aware business process management and optimization. In this paper, we briefly describe the ROPE (Risk-Oriented Process Evaluation) methodology and the Security Ontology concept, which provides a solid knowledge base for an applicable and holistic company specific IT security approach. This heavy-weight ontolog...