@inproceedings{5541, author = {{Yasasin, Emrah and Schryen, Guido}}, booktitle = {{23rd European Conference on Information Systems (ECIS 2015)}}, title = {{{Requirements for IT Security Metrics - An Argumentation Theory Based Approach}}}, year = {{2015}}, } @inproceedings{5588, abstract = {{The protection of information technology (IT) has become and is predicted to remain a key economic challenge for organizations. While research on IT security investment is fast growing, it lacks a theoretical basis for structuring research, explaining economic-technological phenomena and guide future research. We address this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical perspective adopt-ing the Resource-Based View and the Organizational Learning Theory. The joint appli-cation of these theories allows to conceptualize in one theoretical model the organiza-tional learning effects that occur when the protection of organizational resources through IT security countermeasures develops over time. We use this model of IT security invest-ments to synthesize findings of a large body of literature and to derive research gaps. We also discuss managerial implications of (closing) these gaps by providing practical ex-amples.}}, author = {{Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{International Conference on Information Systems}}, keywords = {{Information Security, Investment, Literature review, Resource-based View, Organi-zational Learning Theory, Multi-theoretical Perspective}}, title = {{{A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory}}}, year = {{2015}}, } @inproceedings{5589, author = {{Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{23rd European Conference on Information Systems (ECIS 2015)}}, title = {{{IT Security Investments Through the Lens of the Resource-Based View: A new Theoretical Model and Literature Review}}}, year = {{2015}}, } @inproceedings{5590, abstract = {{Nowadays, providing employees with failure-free access to various systems, applications and services is a crucial factor for organizations? success as disturbances potentially inhibit smooth workflows and thereby harm productivity. However, it is a challenging task to assign access rights to employees? accounts within a satisfying time frame. In addition, the management of multiple accounts and identities can be very onerous and time consuming for the responsible administrator and therefore expensive for the organization. In order to meet these challenges, firms decide to invest in introducing an Identity and Access Management System (IAMS) that supports the organization by using policies to assign permissions to accounts, groups, and roles. In practice, since various versions of IAMSs exist, it is a challenging task to decide upon introduction of an IAMS. The following study proposes a first attempt of a decision support model for practitioners which considers four alternatives: Introduction of an IAMS with Role-based Access Control RBAC) or without and no introduction of IAMS again with or without RBAC. To underpin the practical applicability of the proposed model, we parametrize and operationalize it based on a real world use case using input from an expert interview.}}, author = {{Weishäupl, Eva and Kunz, Michael and Yasasin, Emrah and Wagner, Gerit and Prester, Julian and Schryen, Guido and Pernul, Günther}}, booktitle = {{2nd International Workshop on Security in highly connected IT Systems (SHCIS?15)}}, keywords = {{Identity and Access Management, Economic Decision Making, Information Systems, Information Security Investment, Decision Theory}}, title = {{{Towards an Economic Approach to Identity and Access Management Systems Using Decision Theory}}}, year = {{2015}}, } @article{5616, author = {{Schryen, Guido and Weishäupl, Eva}}, journal = {{Managementkompass}}, number = {{2}}, pages = {{17--18}}, publisher = {{Frankfurt Business Media, Der F.A.Z.-Fachverlag}}, title = {{{IT-Sicherheit: Ökonomisch Planen und Bewerten}}}, year = {{2015}}, } @inproceedings{5618, abstract = {{Literature reviews play an important role in the development of knowledge. Yet, we observe a lack of theoretical underpinning of and epistemological insights into how literature reviews can contribute to knowledge creation and have actually contributed in the IS discipline. To address these theoretical and empirical research gaps, we suggest a novel epistemological model of literature reviews. This model allows us to align different contributions of literature reviews with their underlying knowledge conversions - thereby building a bridge between the previously largely unconnected fields of literature reviews and epistemology. We evaluate the appropriateness of the model by conducting an empirical analysis of 173 IS literature reviews which were published in 39 pertinent IS journals between 2000 and 2014. Based on this analysis, we derive an epistemological taxonomy of IS literature reviews, which complements previously suggested typologies.}}, author = {{Schryen, Guido and Wagner, Gerit and Benlian, Alexander}}, booktitle = {{International Conference on Information Systems (ICIS)}}, keywords = {{Literature review, Research methods/methodology, Theory of knowledge}}, title = {{{Theory of Knowledge for Literature Reviews: An Epistemological Model, Taxonomy and Empirical Analysis of IS Literature}}}, year = {{2015}}, } @article{5622, author = {{Schryen, Guido and Rauchecker, Gerhard and Comes, Martina}}, journal = {{Business & Information Systems Engineering (BISE)}}, number = {{4}}, pages = {{243--259}}, publisher = {{Springer}}, title = {{{Resource Planning in Disaster Response - Decision Support Models and Methodologies}}}, volume = {{57}}, year = {{2015}}, } @article{5634, author = {{Schryen, Guido}}, journal = {{Communications of the AIS}}, number = {{Art 12}}, pages = {{286--325}}, publisher = {{Association for Information Systems (AIS); Association for Computing Machinery (ACM)}}, title = {{{Writing qualitative IS literature reviews ? Guidelines for synthesis, interpretation and guidance of research}}}, volume = {{37}}, year = {{2015}}, } @inproceedings{5672, author = {{Rauchecker, Gerhard and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{11th International Conference on Trust, Privacy, and Security in Digital Business (TRUSTBUS)}}, title = {{{A Decision Support System for IT Security Incident Management}}}, year = {{2014}}, } @article{5686, author = {{Fink, Andreas and Kliewer, Natalia and Mattfeld, Dirk and Mönch, Lars and Rothlauf, Franz and Schryen, Guido and Suhl, Leena and Voß, Stefan}}, journal = {{Business & Information Systems Engineering (BISE)}}, number = {{1}}, pages = {{17--24}}, publisher = {{Gabler}}, title = {{{Model-based Decision Support in Manufacturing and Service Networks}}}, volume = {{6}}, year = {{2014}}, }