@inproceedings{5541, author = {{Yasasin, Emrah and Schryen, Guido}}, booktitle = {{23rd European Conference on Information Systems (ECIS 2015)}}, title = {{{Requirements for IT Security Metrics - An Argumentation Theory Based Approach}}}, year = {{2015}}, } @inproceedings{5588, abstract = {{The protection of information technology (IT) has become and is predicted to remain a key economic challenge for organizations. While research on IT security investment is fast growing, it lacks a theoretical basis for structuring research, explaining economic-technological phenomena and guide future research. We address this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical perspective adopt-ing the Resource-Based View and the Organizational Learning Theory. The joint appli-cation of these theories allows to conceptualize in one theoretical model the organiza-tional learning effects that occur when the protection of organizational resources through IT security countermeasures develops over time. We use this model of IT security invest-ments to synthesize findings of a large body of literature and to derive research gaps. We also discuss managerial implications of (closing) these gaps by providing practical ex-amples.}}, author = {{Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{International Conference on Information Systems}}, keywords = {{Information Security, Investment, Literature review, Resource-based View, Organi-zational Learning Theory, Multi-theoretical Perspective}}, title = {{{A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory}}}, year = {{2015}}, } @inproceedings{5589, author = {{Weishäupl, Eva and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{23rd European Conference on Information Systems (ECIS 2015)}}, title = {{{IT Security Investments Through the Lens of the Resource-Based View: A new Theoretical Model and Literature Review}}}, year = {{2015}}, } @inproceedings{5590, abstract = {{Nowadays, providing employees with failure-free access to various systems, applications and services is a crucial factor for organizations? success as disturbances potentially inhibit smooth workflows and thereby harm productivity. However, it is a challenging task to assign access rights to employees? accounts within a satisfying time frame. In addition, the management of multiple accounts and identities can be very onerous and time consuming for the responsible administrator and therefore expensive for the organization. In order to meet these challenges, firms decide to invest in introducing an Identity and Access Management System (IAMS) that supports the organization by using policies to assign permissions to accounts, groups, and roles. In practice, since various versions of IAMSs exist, it is a challenging task to decide upon introduction of an IAMS. The following study proposes a first attempt of a decision support model for practitioners which considers four alternatives: Introduction of an IAMS with Role-based Access Control RBAC) or without and no introduction of IAMS again with or without RBAC. To underpin the practical applicability of the proposed model, we parametrize and operationalize it based on a real world use case using input from an expert interview.}}, author = {{Weishäupl, Eva and Kunz, Michael and Yasasin, Emrah and Wagner, Gerit and Prester, Julian and Schryen, Guido and Pernul, Günther}}, booktitle = {{2nd International Workshop on Security in highly connected IT Systems (SHCIS?15)}}, keywords = {{Identity and Access Management, Economic Decision Making, Information Systems, Information Security Investment, Decision Theory}}, title = {{{Towards an Economic Approach to Identity and Access Management Systems Using Decision Theory}}}, year = {{2015}}, } @article{5616, author = {{Schryen, Guido and Weishäupl, Eva}}, journal = {{Managementkompass}}, number = {{2}}, pages = {{17--18}}, publisher = {{Frankfurt Business Media, Der F.A.Z.-Fachverlag}}, title = {{{IT-Sicherheit: Ökonomisch Planen und Bewerten}}}, year = {{2015}}, } @inproceedings{5618, abstract = {{Literature reviews play an important role in the development of knowledge. Yet, we observe a lack of theoretical underpinning of and epistemological insights into how literature reviews can contribute to knowledge creation and have actually contributed in the IS discipline. To address these theoretical and empirical research gaps, we suggest a novel epistemological model of literature reviews. This model allows us to align different contributions of literature reviews with their underlying knowledge conversions - thereby building a bridge between the previously largely unconnected fields of literature reviews and epistemology. We evaluate the appropriateness of the model by conducting an empirical analysis of 173 IS literature reviews which were published in 39 pertinent IS journals between 2000 and 2014. Based on this analysis, we derive an epistemological taxonomy of IS literature reviews, which complements previously suggested typologies.}}, author = {{Schryen, Guido and Wagner, Gerit and Benlian, Alexander}}, booktitle = {{International Conference on Information Systems (ICIS)}}, keywords = {{Literature review, Research methods/methodology, Theory of knowledge}}, title = {{{Theory of Knowledge for Literature Reviews: An Epistemological Model, Taxonomy and Empirical Analysis of IS Literature}}}, year = {{2015}}, } @article{5622, author = {{Schryen, Guido and Rauchecker, Gerhard and Comes, Martina}}, journal = {{Business & Information Systems Engineering (BISE)}}, number = {{4}}, pages = {{243--259}}, publisher = {{Springer}}, title = {{{Resource Planning in Disaster Response - Decision Support Models and Methodologies}}}, volume = {{57}}, year = {{2015}}, } @article{5634, author = {{Schryen, Guido}}, journal = {{Communications of the AIS}}, number = {{Art 12}}, pages = {{286--325}}, publisher = {{Association for Information Systems (AIS); Association for Computing Machinery (ACM)}}, title = {{{Writing qualitative IS literature reviews ? Guidelines for synthesis, interpretation and guidance of research}}}, volume = {{37}}, year = {{2015}}, } @inproceedings{5672, author = {{Rauchecker, Gerhard and Yasasin, Emrah and Schryen, Guido}}, booktitle = {{11th International Conference on Trust, Privacy, and Security in Digital Business (TRUSTBUS)}}, title = {{{A Decision Support System for IT Security Incident Management}}}, year = {{2014}}, } @article{5686, author = {{Fink, Andreas and Kliewer, Natalia and Mattfeld, Dirk and Mönch, Lars and Rothlauf, Franz and Schryen, Guido and Suhl, Leena and Voß, Stefan}}, journal = {{Business & Information Systems Engineering (BISE)}}, number = {{1}}, pages = {{17--24}}, publisher = {{Gabler}}, title = {{{Model-based Decision Support in Manufacturing and Service Networks}}}, volume = {{6}}, year = {{2014}}, } @article{5687, author = {{Fink, Andreas and Kliewer, Natalia and Mattfeld, Dirk and Mönch, Lars and Rothlauf, Franz and Schryen, Guido and Suhl, Lena and Voß, Stefan}}, journal = {{Wirtschaftsinformatik}}, number = {{1}}, pages = {{21--29}}, publisher = {{Gabler}}, title = {{{Modellbasierte Entscheidungsunterstützung in Produktions- und Service-Netzwerken}}}, volume = {{56}}, year = {{2014}}, } @techreport{6197, author = {{Schryen, Guido}}, title = {{{The Epistemological Impact of Literature Reviews in Information Systems Research}}}, year = {{2014}}, } @inproceedings{5573, author = {{Yasasin, Emrah and Rauchecker, Gerhard and Prester, Julian and Schryen, Guido}}, booktitle = {{1st Workshop on Security in highly connected IT systems (SHCIS 14)}}, title = {{{A Fuzzy Security Investment Decision Support Model for Highly Distributed Systems}}}, year = {{2014}}, } @article{5585, author = {{Wex, Felix and Schryen, Guido and Feuerriegel, Stefan and Neumann, Dirk}}, journal = {{European Journal of Operational Research}}, publisher = {{Elsevier}}, title = {{{Emergency Response in Natural Disaster Management: Allocation and Scheduling of Rescue Units}}}, year = {{2014}}, } @article{5614, abstract = {{Natural disasters, including earthquakes, Tsunamis, floods, hurricanes, and volcanic eruptions, have caused tremendous harm and continue to threaten millions of humans and various infrastructure capabilities each year. In their efforts to take countermeasures against the threats posed by future natural disasters, the United Nations formulated the ?Hyogo Framework for Action?, which aims at assessing and reducing risk. This framework and a global review of disaster reduction initiatives of the United Nations acknowledge the need for information systems research contributions in addressing major challenges of natural disaster management. In this paper, we provide a review of the literature with regard to how information systems research has addressed risk assessment and reduction in natural disaster management. Based on the review we identify research gaps that are centered around the need for acquiring general knowledge on how to design IS artifacts for risk assessment and reduction. In order to close these gaps in further research, we develop a research agenda that follows the IS design science paradigm.}}, author = {{Schryen, Guido and Wex, Felix}}, journal = {{International Journal of Information Systems for Crisis Response and Management (IJISCRAM)}}, keywords = {{Natural Disaster Management, Risk Reduction, Hyogo Framework, IS Design Science, Literature review}}, number = {{1}}, title = {{{Risk Reduction in Natural Disaster Management Through Information Systems: A Literature review and an IS design science research agenda}}}, volume = {{6}}, year = {{2014}}, } @article{5627, author = {{Schryen, Guido and Hristova, Diana}}, journal = {{OR -Spectrum}}, number = {{1}}, pages = {{1--48}}, publisher = {{Springer}}, title = {{{Duality in fuzzy linear programming: A survey}}}, volume = {{37}}, year = {{2014}}, } @article{5636, author = {{Schryen, Guido}}, journal = {{Communications of the AIS}}, title = {{{Writing qualitative IS literature reviews ? Guidelines for synthesis, interpretation and guidance of research}}}, year = {{2014}}, } @article{5682, author = {{de Meer, Hermann and Diener, Michael and Herkenhöner, Ralph and Kucera, Markus and Niedermeier, Michael and Reisser, Andreas and Schryen, Guido and Vetter, Michael and Waas, Thomas and Yasasin, Emrah}}, journal = {{PIK - Praxis der Informationsverarbeitung und Kommunikation}}, number = {{3}}, pages = {{153--159}}, publisher = {{de Gruyter}}, title = {{{Sicherheitsherausforderungen in hochverteilten Systemen}}}, volume = {{36}}, year = {{2013}}, } @article{6166, author = {{Wex, Felix and Schryen, Guido}}, journal = {{Blick in die Wissenschaft}}, number = {{28}}, pages = {{27--32}}, title = {{{Effektiver Einsatz von Rettungskräften bei Naturkatastrophen - Modelle und Verfahren zur Entscheidungsunterstützung}}}, year = {{2013}}, } @article{5575, author = {{Wex, Felix and Schryen, Guido and Neumann, Dirk}}, journal = {{International Journal of Information Systems for Crisis Response and Management}}, number = {{4}}, pages = {{63--80}}, publisher = {{IGI Publ.}}, title = {{{Assignments of Collaborative Rescue Units during Emergency Response}}}, volume = {{5}}, year = {{2013}}, }