[{"_id":"5632","citation":{"ieee":"G. Schryen and C. Bodenstein, “A decision-theoretic foundation of IS business value research,” in Proceedings of the 18th European Conference on Information Systems (ECIS 2010), 2010.","short":"G. Schryen, C. Bodenstein, in: Proceedings of the 18th European Conference on Information Systems (ECIS 2010), 2010.","mla":"Schryen, Guido, and Christian Bodenstein. “A Decision-Theoretic Foundation of IS Business Value Research.” Proceedings of the 18th European Conference on Information Systems (ECIS 2010), 2010.","bibtex":"@inproceedings{Schryen_Bodenstein_2010, title={A decision-theoretic foundation of IS business value research}, booktitle={Proceedings of the 18th European Conference on Information Systems (ECIS 2010)}, author={Schryen, Guido and Bodenstein, Christian}, year={2010} }","chicago":"Schryen, Guido, and Christian Bodenstein. “A Decision-Theoretic Foundation of IS Business Value Research.” In Proceedings of the 18th European Conference on Information Systems (ECIS 2010), 2010.","ama":"Schryen G, Bodenstein C. A decision-theoretic foundation of IS business value research. In: Proceedings of the 18th European Conference on Information Systems (ECIS 2010). ; 2010.","apa":"Schryen, G., & Bodenstein, C. (2010). A decision-theoretic foundation of IS business value research. In Proceedings of the 18th European Conference on Information Systems (ECIS 2010)."},"year":"2010","type":"conference","user_id":"61579","ddc":["000"],"abstract":[{"lang":"eng","text":"Enduring doubts about the value of IS investments reveal that IS researchers have not fully managed to identify and to explain the economic benefits of IS. Three research tasks are essential requisites on the path towards addressing this criticism: the synthesis of knowledge, the identification of lack of knowledge, and the proposition of paths for closing knowledge gaps. 
This paper considers each of these tasks by a) synthesizing key research findings based on a comprehensive literature review, b) identifying and unfolding key limitations of current research, and c) applying a decision-theoretic perspective, which opens new horizons to IS business value research and shows paths for overcoming the limitations. The adoption of this perspective results in a decision-theoretic foundation of IS business value research and includes the proposition of a consistent terminology and a research model that frames further research."}],"extern":"1","date_created":"2018-11-14T14:24:25Z","has_accepted_license":"1","status":"public","file":[{"access_level":"open_access","date_created":"2018-12-11T15:24:22Z","file_name":"IS business value - ECIS - Final Version.pdf","relation":"main_file","content_type":"application/pdf","date_updated":"2018-12-13T15:20:37Z","creator":"hsiemes","file_id":"6193","file_size":174368}],"file_date_updated":"2018-12-13T15:20:37Z","publication":"Proceedings of the 18th European Conference on Information Systems (ECIS 2010)","keyword":["Decision theory","IT value","IS assessment","IS evaluation"],"author":[{"last_name":"Schryen","id":"72850","first_name":"Guido","full_name":"Schryen, Guido"},{"full_name":"Bodenstein, Christian","first_name":"Christian","last_name":"Bodenstein"}],"oa":"1","date_updated":"2022-01-06T07:02:14Z","language":[{"iso":"eng"}],"title":"A decision-theoretic foundation of IS business value research","department":[{"_id":"277"}]},{"place":"Bonn","title":"A Fuzzy Model for IT Security Investments","department":[{"_id":"277"}],"editor":[{"first_name":"Felix","full_name":"C. Freiling, Felix","last_name":"C. Freiling"}],"date_updated":"2022-01-06T07:02:18Z","oa":"1","series_title":"GI-Edition: lecture notes in informatics. 
Proceedings","language":[{"iso":"eng"}],"abstract":[{"text":"This paper presents a fuzzy set based decision support model for taking uncertainty into account when making security investment decisions for distributed systems. The proposed model is complementary to probabilistic approaches and useful in situations where probabilistic information is either unavailable or not appropriate to reliably predict future conditions. We first present the specification of a formal security language that allows to specify under which conditions a distributed system is protected against security violations. We show that each term of the security language can be transformed into an equivalent propositional logic term. Then we use propositional logic terms to define a fuzzy set based decision model. This optimization model incorporates uncertainty with regard to the impact of investments on the achieved security levels of components of the distributed system. The model also accounts for budget and security constraints, in order to be applicable in practice.","lang":"eng"}],"extern":"1","user_id":"61579","ddc":["000"],"file":[{"file_name":"security_fuzzy_LNI Version.pdf","date_created":"2018-12-11T15:22:12Z","access_level":"open_access","file_size":372660,"file_id":"6190","creator":"hsiemes","content_type":"application/pdf","date_updated":"2018-12-13T15:20:03Z","relation":"main_file"}],"file_date_updated":"2018-12-13T15:20:03Z","publication":"Sicherheit 2010 : Sicherheit, Schutz und Zuverl{\\\"a}ssigkeit ; Konferenzband der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin","author":[{"full_name":"Schryen, Guido","first_name":"Guido","id":"72850","last_name":"Schryen"}],"publisher":"Gesellschaft für Informatik","date_created":"2018-11-14T14:35:59Z","has_accepted_license":"1","status":"public","volume":170,"intvolume":" 170","_id":"5642","page":"289-304","type":"conference","year":"2010","citation":{"ieee":"G. 
Schryen, “A Fuzzy Model for IT Security Investments,” in Sicherheit 2010 : Sicherheit, Schutz und Zuverl{\\\"a}ssigkeit ; Konferenzband der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin, 2010, vol. 170, pp. 289–304.","short":"G. Schryen, in: F. C. Freiling (Ed.), Sicherheit 2010 : Sicherheit, Schutz Und Zuverl{\\\"a}ssigkeit ; Konferenzband Der 5. Jahrestagung Des Fachbereichs Sicherheit Der Gesellschaft F{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin, Gesellschaft für Informatik, Bonn, 2010, pp. 289–304.","bibtex":"@inproceedings{Schryen_2010, place={Bonn}, series={GI-Edition: lecture notes in informatics. Proceedings}, title={A Fuzzy Model for IT Security Investments}, volume={170}, booktitle={Sicherheit 2010 : Sicherheit, Schutz und Zuverl{\\\"a}ssigkeit ; Konferenzband der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin}, publisher={Gesellschaft für Informatik}, author={Schryen, Guido}, editor={C. Freiling, FelixEditor}, year={2010}, pages={289–304}, collection={GI-Edition: lecture notes in informatics. Proceedings} }","mla":"Schryen, Guido. “A Fuzzy Model for IT Security Investments.” Sicherheit 2010 : Sicherheit, Schutz Und Zuverl{\\\"a}ssigkeit ; Konferenzband Der 5. Jahrestagung Des Fachbereichs Sicherheit Der Gesellschaft F{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin, edited by Felix C. Freiling, vol. 170, Gesellschaft für Informatik, 2010, pp. 289–304.","chicago":"Schryen, Guido. “A Fuzzy Model for IT Security Investments.” In Sicherheit 2010 : Sicherheit, Schutz Und Zuverl{\\\"a}ssigkeit ; Konferenzband Der 5. Jahrestagung Des Fachbereichs Sicherheit Der Gesellschaft F{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin, edited by Felix C. Freiling, 170:289–304. GI-Edition: Lecture Notes in Informatics. Proceedings. 
Bonn: Gesellschaft für Informatik, 2010.","apa":"Schryen, G. (2010). A Fuzzy Model for IT Security Investments. In F. C. Freiling (Ed.), Sicherheit 2010 : Sicherheit, Schutz und Zuverl{\\\"a}ssigkeit ; Konferenzband der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin (Vol. 170, pp. 289–304). Bonn: Gesellschaft für Informatik.","ama":"Schryen G. A Fuzzy Model for IT Security Investments. In: C. Freiling F, ed. Sicherheit 2010 : Sicherheit, Schutz Und Zuverl{\\\"a}ssigkeit ; Konferenzband Der 5. Jahrestagung Des Fachbereichs Sicherheit Der Gesellschaft F{\\\"u}r Informatik e.V. (GI), 5. - 7. Oktober 2010 in Berlin. Vol 170. GI-Edition: lecture notes in informatics. Proceedings. Bonn: Gesellschaft für Informatik; 2010:289-304."}},{"file":[{"relation":"main_file","date_updated":"2018-12-13T15:17:00Z","content_type":"application/pdf","creator":"hsiemes","file_id":"6186","file_size":302340,"access_level":"open_access","file_name":"2010_Book_ScandinavianInformationSystems - Schryen.pdf","date_created":"2018-12-11T15:14:51Z"}],"author":[{"last_name":"Schryen","id":"72850","first_name":"Guido","full_name":"Schryen, Guido"}],"keyword":["Literature review","Business value","Information systems","Methodology","Theory"],"publication":"Proceedings of the First Scandinavian Conference on Information Systems (SCIS)","file_date_updated":"2018-12-13T15:17:00Z","has_accepted_license":"1","status":"public","date_created":"2018-11-14T14:36:26Z","abstract":[{"lang":"eng","text":"Enduring doubts about the value of IS investments reveal that IS researchers have not fully managed to identify and to explain the economic benefits of IS. This paper assumes that literature reviews, which represent a powerful instrument for the identification and synthesis of knowledge, have not tapped their full potential to address this issue due to deficiencies in methodology. 
The analysis of 18 literature reviews published in pertinent academic outlets during the past 20 years shows such deficiencies. Two of the most critical weaknesses identified are (1) the lack of theory use in most reviews and (2) a weak linkage of reviews, resulting in little progress in theory and framework development. The systematic identification of these weaknesses and the extraction of promising methodological examples from past literature are the main contributions of this work, which supports the composition of more effective literature reviews in future research."}],"extern":"1","user_id":"61579","ddc":["000"],"citation":{"bibtex":"@inproceedings{Schryen_2010, title={An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness}, booktitle={Proceedings of the First Scandinavian Conference on Information Systems (SCIS)}, author={Schryen, Guido}, year={2010} }","mla":"Schryen, Guido. “An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness.” Proceedings of the First Scandinavian Conference on Information Systems (SCIS), 2010.","apa":"Schryen, G. (2010). An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness. In Proceedings of the First Scandinavian Conference on Information Systems (SCIS).","ama":"Schryen G. An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness. In: Proceedings of the First Scandinavian Conference on Information Systems (SCIS). ; 2010.","chicago":"Schryen, Guido. “An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness.” In Proceedings of the First Scandinavian Conference on Information Systems (SCIS), 2010.","ieee":"G. 
Schryen, “An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness,” in Proceedings of the First Scandinavian Conference on Information Systems (SCIS), 2010.","short":"G. Schryen, in: Proceedings of the First Scandinavian Conference on Information Systems (SCIS), 2010."},"type":"conference","year":"2010","_id":"5643","department":[{"_id":"277"}],"title":"An Analysis of Literature Reviews on IS Business Value: How Deficiencies in Methodology and Theory Use Resulted in Limited Effectiveness","language":[{"iso":"eng"}],"date_updated":"2022-01-06T07:02:18Z","oa":"1"},{"department":[{"_id":"277"}],"title":"Preserving knowledge on IS business value: what literature reviews have done","language":[{"iso":"eng"}],"oa":"1","date_updated":"2022-01-06T07:02:19Z","volume":52,"status":"public","has_accepted_license":"1","date_created":"2018-11-14T14:38:02Z","author":[{"first_name":"Guido","full_name":"Schryen, Guido","last_name":"Schryen","id":"72850"}],"publisher":"Springer","keyword":["Business value","Information systems","Literature review","Meta review"],"file_date_updated":"2018-12-13T15:17:12Z","publication":"Business \\& Information Systems Engineering (BISE)","file":[{"file_id":"6187","creator":"hsiemes","file_size":525443,"relation":"main_file","date_updated":"2018-12-13T15:17:12Z","content_type":"application/pdf","file_name":"BISE-PreservingknowledgeonISbusinessvalue-Manuscript-1.pdf","date_created":"2018-12-11T15:19:37Z","access_level":"open_access"}],"ddc":["000"],"user_id":"61579","extern":"1","abstract":[{"text":"The economic relevance of information systems has been studied for many years and has attracted an abundance of research papers. However, the “productivity paradoxon” 
of the 90s, Carr’s widely recognized paper “IT doesn’t matter”, and several studies that do not find a positive correlation between IS investments and economic performance reveal long-lasting difficulties for IS researchers to explain “IS business value”. Business executives and researchers also continue to question the value of IS investments. This raises the question of whether literature reviews have tapped their potential to address the concerns by covering key research areas of IS business value and preserving their key findings. In order to address this question, this paper identifies and describes 12 key research areas, and synthesizes what literature reviews published in pertinent academic outlets have done to preserve knowledge. The analysis of 22 literature reviews shows that some crucial areas have not been (sufficiently) covered. They provide fertile areas for future literature reviews. As this work is based on the results of more than 200 research papers, it is capable of drawing a comprehensive picture of the current state-of-the-art in IS business value research.","lang":"eng"}],"citation":{"bibtex":"@article{Schryen_2010, title={Preserving knowledge on IS business value: what literature reviews have done}, volume={52}, number={4}, journal={Business \\& Information Systems Engineering (BISE)}, publisher={Springer}, author={Schryen, Guido}, year={2010}, pages={225–237} }","mla":"Schryen, Guido. “Preserving Knowledge on IS Business Value: What Literature Reviews Have Done.” Business \\& Information Systems Engineering (BISE), vol. 52, no. 4, Springer, 2010, pp. 225–37.","apa":"Schryen, G. (2010). Preserving knowledge on IS business value: what literature reviews have done. Business \\& Information Systems Engineering (BISE), 52(4), 225–237.","ama":"Schryen G. Preserving knowledge on IS business value: what literature reviews have done. Business \\& Information Systems Engineering (BISE). 2010;52(4):225-237.","chicago":"Schryen, Guido. 
“Preserving Knowledge on IS Business Value: What Literature Reviews Have Done.” Business \\& Information Systems Engineering (BISE) 52, no. 4 (2010): 225–37.","ieee":"G. Schryen, “Preserving knowledge on IS business value: what literature reviews have done,” Business \\& Information Systems Engineering (BISE), vol. 52, no. 4, pp. 225–237, 2010.","short":"G. Schryen, Business \\& Information Systems Engineering (BISE) 52 (2010) 225–237."},"year":"2010","type":"journal_article","page":"225-237","issue":"4","_id":"5644","intvolume":" 52"},{"language":[{"iso":"eng"}],"date_updated":"2022-01-06T07:02:19Z","oa":"1","department":[{"_id":"277"}],"title":"Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done)","type":"journal_article","year":"2010","citation":{"bibtex":"@article{Schryen_2010, title={Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done)}, volume={52}, number={4}, journal={Wirtschaftsinformatik}, publisher={Gabler; Springer}, author={Schryen, Guido}, year={2010}, pages={225–237} }","mla":"Schryen, Guido. “Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews Zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done).” Wirtschaftsinformatik, vol. 52, no. 4, Gabler; Springer, 2010, pp. 225–37.","chicago":"Schryen, Guido. “Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews Zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done).” Wirtschaftsinformatik 52, no. 4 (2010): 225–37.","ama":"Schryen G. Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done). Wirtschaftsinformatik. 
2010;52(4):225-237.","apa":"Schryen, G. (2010). Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done). Wirtschaftsinformatik, 52(4), 225–237.","ieee":"G. Schryen, “Ökonomischer Wert von Informationssystemen - Beitrag von Literatur-Reviews zum Wissenserhalt ( = Preserving Knowledge on IS Business Value. What Literature Reviews Have Done),” Wirtschaftsinformatik, vol. 52, no. 4, pp. 225–237, 2010.","short":"G. Schryen, Wirtschaftsinformatik 52 (2010) 225–237."},"page":"225-237","_id":"5645","intvolume":" 52","issue":"4","publisher":"Gabler; Springer","author":[{"full_name":"Schryen, Guido","first_name":"Guido","id":"72850","last_name":"Schryen"}],"publication":"Wirtschaftsinformatik","file_date_updated":"2018-12-13T15:19:50Z","file":[{"file_size":850718,"creator":"hsiemes","file_id":"6189","date_updated":"2018-12-13T15:19:50Z","content_type":"application/pdf","relation":"main_file","date_created":"2018-12-11T15:21:36Z","file_name":"Schryen2010_Article_ÖkonomischerWertVonInformation.pdf","access_level":"open_access"}],"volume":52,"status":"public","has_accepted_license":"1","date_created":"2018-11-14T14:38:45Z","extern":"1","abstract":[{"text":"The economic relevance of information systems has been studied for many years and has attracted an abundance of research papers. However, the “productivity paradoxon” of the 1990s, Carr’s widely recognized paper “IT doesn’t matter”, and several studies that do not find a positive correlation between IS investments and economic performance reveal long-lasting difficulties for IS researchers to explain “IS business value”. Business executives and researchers also continue to question the value of IS investments. This raises the question of whether literature reviews have tapped their potential to address the concerns by covering key research areas of IS business value and preserving their key findings. 
In order to address this question, this paper identifies and describes 12 key research areas, and synthesizes what literature reviews published in pertinent academic outlets have done to preserve knowledge. The analysis of 22 literature reviews shows that some crucial areas have not been (sufficiently) covered. They provide fertile areas for future literature reviews. As this work is based on the results of more than 200 research papers, it is capable of drawing a comprehensive picture of the current state-of-the-art in IS business value research.","lang":"eng"}],"ddc":["000"],"user_id":"61579"},{"year":"2009","citation":{"ama":"Volkamer M, Schryen G, Langer L, Schmidt A, Buchmann J. Elektronische Wahlen: Verifizierung vs. Zertifizierung. In: Workshop Elektronische Wahlen, Elektronische Teilhabe, Societyware, 39th GI-Jahrestagung. ; 2009.","apa":"Volkamer, M., Schryen, G., Langer, L., Schmidt, A., & Buchmann, J. (2009). Elektronische Wahlen: Verifizierung vs. Zertifizierung. In Workshop Elektronische Wahlen, elektronische Teilhabe, Societyware, 39th GI-Jahrestagung.","chicago":"Volkamer, Melanie, Guido Schryen, Lucie Langer, Axel Schmidt, and Johannes Buchmann. “Elektronische Wahlen: Verifizierung vs. Zertifizierung.” In Workshop Elektronische Wahlen, Elektronische Teilhabe, Societyware, 39th GI-Jahrestagung, 2009.","bibtex":"@inproceedings{Volkamer_Schryen_Langer_Schmidt_Buchmann_2009, title={Elektronische Wahlen: Verifizierung vs. Zertifizierung}, booktitle={Workshop Elektronische Wahlen, elektronische Teilhabe, Societyware, 39th GI-Jahrestagung}, author={Volkamer, Melanie and Schryen, Guido and Langer, Lucie and Schmidt, Axel and Buchmann, Johannes}, year={2009} }","mla":"Volkamer, Melanie, et al. “Elektronische Wahlen: Verifizierung vs. Zertifizierung.” Workshop Elektronische Wahlen, Elektronische Teilhabe, Societyware, 39th GI-Jahrestagung, 2009.","short":"M. Volkamer, G. Schryen, L. Langer, A. Schmidt, J. 
Buchmann, in: Workshop Elektronische Wahlen, Elektronische Teilhabe, Societyware, 39th GI-Jahrestagung, 2009.","ieee":"M. Volkamer, G. Schryen, L. Langer, A. Schmidt, and J. Buchmann, “Elektronische Wahlen: Verifizierung vs. Zertifizierung,” in Workshop Elektronische Wahlen, elektronische Teilhabe, Societyware, 39th GI-Jahrestagung, 2009."},"type":"conference","language":[{"iso":"eng"}],"_id":"5597","date_updated":"2022-01-06T07:02:05Z","oa":"1","publication":"Workshop Elektronische Wahlen, elektronische Teilhabe, Societyware, 39th GI-Jahrestagung","department":[{"_id":"277"}],"file_date_updated":"2018-12-18T13:15:26Z","author":[{"first_name":"Melanie","full_name":"Volkamer, Melanie","last_name":"Volkamer"},{"first_name":"Guido","full_name":"Schryen, Guido","last_name":"Schryen","id":"72850"},{"last_name":"Langer","first_name":"Lucie","full_name":"Langer, Lucie"},{"first_name":"Axel","full_name":"Schmidt, Axel","last_name":"Schmidt"},{"last_name":"Buchmann","full_name":"Buchmann, Johannes","first_name":"Johannes"}],"file":[{"date_created":"2018-12-18T13:15:26Z","file_name":"Elektronische Wahlen - GI 2009.pdf","access_level":"open_access","file_size":60870,"file_id":"6313","creator":"hsiemes","date_updated":"2018-12-18T13:15:26Z","content_type":"application/pdf","relation":"main_file"}],"date_created":"2018-11-14T11:49:04Z","status":"public","has_accepted_license":"1","extern":"1","abstract":[{"lang":"eng","text":"Der Beitrag diskutiert die kontroversen Ans{\\\"a}tze – Verifizierung versus Evaluation/Zertifizierung – zur Sicherung elektronischer Wahlen mit Wahlger{\\\"a}ten. Dabei spielt das Urteil des Bundesverfassungsgerichts [BVG099] eine zentrale Rolle. Hierin wird entschieden, dass die Zertifizierung des Wahlger{\\\"a}tes nicht ausreicht und es werden Verifizierungsfunktionen gefordert, die den W{\\\"a}hlern die M{\\\"o}glichkeit geben sich von der Integrit{\\\"a}t des Wahlergebnisses zu {\\\"u}berzeugen. 
Der Beitrag zeigt auf, dass auch mit der Implementierung entsprechender Verifizierungsfunktionen nicht auf Zertifizierung verzichtet werden kann, da an ein Wahlger{\\\"a}t auch andere Anforderungen wie etwa hinsichtlich des Wahlgeheimnisses gestellt werden. Es wird au{\\ss}erdem die Frage diskutiert, warum der Zertifizierung hinsichtlich dieser zus{\\\"a}tzlichen Anforderungen vertraut werden kann, w{\\\"a}hrend dies nicht der Fall bei der Integrit{\\\"a}tsanforderung ist."}],"title":"Elektronische Wahlen: Verifizierung vs. Zertifizierung","ddc":["000"],"user_id":"61579"},{"title":"Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland","department":[{"_id":"277"}],"date_updated":"2022-01-06T07:02:12Z","oa":"1","language":[{"iso":"eng"}],"abstract":[{"lang":"eng","text":"Remote voting through the Internet provides convenience and access to the electorate. At the same time, the security concerns facing any distributed application are magnified when the task is so crucial to democratic society. In addition, some of the electoral process loses transparency when it is encapsulated in information technology. In this paper, we examine the public record of three recent elections that used Internet voting. Our specific goal is to identify any potential flaws that security experts would recognize, but may have not been identified in the rush to implement technology. To do this, we present a multiple exploratory case study, looking at elections conducted between 2006 and 2007 in Estonia, Netherlands, and Switzerland. These elections were selected as particularly interesting and accessible, and each presents its own technical and security challenges. The electoral environment, technical design and process for each election are described, including reconstruction of details which are implied but not specified within the source material. 
We found that all three elections warrant significant concern about voter security, verifiability, and transparency. Usability, our fourth area of focus, seems to have been well-addressed in these elections. While our analysis is based on public documents and previously published reports, and therefore lacking access to any confidential materials held by electoral officials, this comparative analysis provides interesting insight and consistent questions across all these cases. Effective review of Internet voting requires an aggressive stance towards identifying potential security and operational flaws, and we encourage the use of third party reviews with critical technology skills during design, programming, and voting to reduce the chances of failure or fraud that would undermine public confidence."}],"extern":"1","user_id":"61579","ddc":["000"],"file":[{"content_type":"application/pdf","date_updated":"2018-12-18T13:16:07Z","relation":"main_file","file_size":1544790,"file_id":"6316","creator":"hsiemes","access_level":"open_access","date_created":"2018-12-18T13:16:07Z","file_name":"JOURNAL VERSION.pdf"}],"file_date_updated":"2018-12-18T13:16:07Z","keyword":["e-voting","Internet voting","Internet election","security","verifiability","RIES","Estonia","Neuch{\\^a}tel"],"publication":"IEEE Transactions on Information Forensics \\& Security","publisher":"IEEE","author":[{"id":"72850","last_name":"Schryen","full_name":"Schryen, Guido","first_name":"Guido"},{"full_name":"Rich, Eliot","first_name":"Eliot","last_name":"Rich"}],"date_created":"2018-11-14T14:06:44Z","status":"public","has_accepted_license":"1","volume":4,"intvolume":" 4","_id":"5621","issue":"4 Part","page":"729-744","type":"journal_article","year":"2009","citation":{"ieee":"G. Schryen and E. Rich, “Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland,” IEEE Transactions on Information Forensics \\& Security, vol. 4, no. 4 Part, pp. 
729–744, 2009.","short":"G. Schryen, E. Rich, IEEE Transactions on Information Forensics \\& Security 4 (2009) 729–744.","bibtex":"@article{Schryen_Rich_2009, title={Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland}, volume={4}, number={4 Part}, journal={IEEE Transactions on Information Forensics \\& Security}, publisher={IEEE}, author={Schryen, Guido and Rich, Eliot}, year={2009}, pages={729–744} }","mla":"Schryen, Guido, and Eliot Rich. “Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland.” IEEE Transactions on Information Forensics \\& Security, vol. 4, no. 4 Part, IEEE, 2009, pp. 729–44.","chicago":"Schryen, Guido, and Eliot Rich. “Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland.” IEEE Transactions on Information Forensics \\& Security 4, no. 4 Part (2009): 729–44.","apa":"Schryen, G., & Rich, E. (2009). Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland. IEEE Transactions on Information Forensics \\& Security, 4(4 Part), 729–744.","ama":"Schryen G, Rich E. Security in Large-Scale Internet Elections: A Retrospective Analysis of Elections in Estonia, The Netherlands, and Switzerland. IEEE Transactions on Information Forensics \\& Security. 2009;4(4 Part):729-744."}},{"department":[{"_id":"277"}],"title":"Open Source vs. 
Closed Source Software: Towards Measuring Security","language":[{"iso":"eng"}],"date_updated":"2022-01-06T07:02:13Z","oa":"1","file":[{"creator":"hsiemes","file_id":"6310","file_size":456497,"relation":"main_file","content_type":"application/pdf","date_updated":"2018-12-18T13:14:09Z","date_created":"2018-12-18T13:14:09Z","file_name":"ACM VERSION.pdf","access_level":"open_access"}],"keyword":["Open source software","Closed source software","Security","Metrics"],"publication":"24th Annual ACM Symposium on Applied Computing","file_date_updated":"2018-12-18T13:14:09Z","author":[{"last_name":"Schryen","id":"72850","first_name":"Guido","full_name":"Schryen, Guido"},{"full_name":"Kadura, Rouven","first_name":"Rouven","last_name":"Kadura"}],"date_created":"2018-11-14T14:12:27Z","has_accepted_license":"1","status":"public","abstract":[{"text":"The increasing availability and deployment of open source software in personal and commercial environments makes open source software highly appealing for hackers, and others who are interested in exploiting software vulnerabilities. This deployment has resulted in a debate “full of religion” on the security of open source software compared to that of closed source software. However, beyond such arguments, only little quantitative analysis on this research issue has taken place. We discuss the state-of-the-art of the security debate and identify shortcomings. Based on these, we propose new metrics, which allows to answer the question to what extent the review process of open source and closed source development has helped to fix vulnerabilities. We illustrate the application of some of these metrics in a case study on OpenOffice (open source software) vs. Microsoft Office (closed source software).","lang":"eng"}],"extern":"1","user_id":"61579","ddc":["000"],"year":"2009","citation":{"short":"G. Schryen, R. Kadura, in: 24th Annual ACM Symposium on Applied Computing, 2009.","ieee":"G. Schryen and R. Kadura, “Open Source vs. 
Closed Source Software: Towards Measuring Security,” in 24th Annual ACM Symposium on Applied Computing, 2009.","chicago":"Schryen, Guido, and Rouven Kadura. “Open Source vs. Closed Source Software: Towards Measuring Security.” In 24th Annual ACM Symposium on Applied Computing, 2009.","apa":"Schryen, G., & Kadura, R. (2009). Open Source vs. Closed Source Software: Towards Measuring Security. In 24th Annual ACM Symposium on Applied Computing.","ama":"Schryen G, Kadura R. Open Source vs. Closed Source Software: Towards Measuring Security. In: 24th Annual ACM Symposium on Applied Computing. ; 2009.","bibtex":"@inproceedings{Schryen_Kadura_2009, title={Open Source vs. Closed Source Software: Towards Measuring Security}, booktitle={24th Annual ACM Symposium on Applied Computing}, author={Schryen, Guido and Kadura, Rouven}, year={2009} }","mla":"Schryen, Guido, and Rouven Kadura. “Open Source vs. Closed Source Software: Towards Measuring Security.” 24th Annual ACM Symposium on Applied Computing, 2009."},"type":"conference","_id":"5625"},{"extern":"1","abstract":[{"lang":"eng","text":"While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software packages, including operating systems, database systems, web browsers, email clients, and office systems. As the value of any empirical study relies on the quality of data available, this paper also discusses in detail data issues, explains to what extent the empirical analysis can be based on vulnerability data contained in the NIST National Vulnerability Database, and shows how data on vulnerability patches was collected by the author to support this study. 
The results of the analysis suggest that it is not the particular software development style that determines patching behavior, but rather the policy of the particular software vendor."}],"ddc":["000"],"title":"A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors","user_id":"61579","department":[{"_id":"277"}],"file_date_updated":"2018-12-18T13:14:48Z","publication":"5th International Conference on IT Security Incident Management \\& IT Forensics","author":[{"full_name":"Schryen, Guido","first_name":"Guido","id":"72850","last_name":"Schryen"}],"file":[{"access_level":"open_access","date_created":"2018-12-18T13:14:48Z","file_name":"Conference Version.pdf","relation":"main_file","date_updated":"2018-12-18T13:14:48Z","content_type":"application/pdf","file_id":"6311","creator":"hsiemes","file_size":594302}],"date_created":"2018-11-14T14:40:04Z","status":"public","has_accepted_license":"1","_id":"5646","date_updated":"2022-01-06T07:02:19Z","oa":"1","citation":{"ieee":"G. Schryen, “A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors,” in 5th International Conference on IT Security Incident Management \\& IT Forensics, 2009.","short":"G. Schryen, in: 5th International Conference on IT Security Incident Management \\& IT Forensics, 2009.","mla":"Schryen, Guido. “A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors.” 5th International Conference on IT Security Incident Management \\& IT Forensics, 2009.","bibtex":"@inproceedings{Schryen_2009, title={A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors}, booktitle={5th International Conference on IT Security Incident Management \\& IT Forensics}, author={Schryen, Guido}, year={2009} }","ama":"Schryen G. 
A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors. In: 5th International Conference on IT Security Incident Management \\& IT Forensics. ; 2009.","apa":"Schryen, G. (2009). A comprehensive and comparative analysis of the patching behavior of open source and closed source software vendors. In 5th International Conference on IT Security Incident Management \\& IT Forensics.","chicago":"Schryen, Guido. “A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors.” In 5th International Conference on IT Security Incident Management \\& IT Forensics, 2009."},"year":"2009","type":"conference","language":[{"iso":"eng"}]},{"title":"Security of open source and closed source software: An empirical comparison of published vulnerabilities","department":[{"_id":"277"}],"date_updated":"2022-01-06T07:02:19Z","oa":"1","language":[{"iso":"eng"}],"abstract":[{"lang":"eng","text":"Reviewing literature on open source and closed source security reveals that the discussion is often determined by biased attitudes toward one of these development styles. The discussion specifically lacks appropriate metrics, methodology and hard data. This paper contributes to solving this problem by analyzing and comparing published vulnerabilities of eight open source software and nine closed source software packages, all of which are widely deployed. Thereby, it provides an extensive empirical analysis of vulnerabilities in terms of mean time between vulnerability disclosures, the development of disclosure over time, and the severity of vulnerabilities, and allows for validating models provided in the literature. 
The investigation reveals that (a) the mean time between vulnerability disclosures was lower for open source software in half of the cases, while the other cases show no differences, (b) in contrast to literature assumption, 14 out of 17 software packages showed a significant linear or piecewise linear correlation between time and the number of published vulnerabilities, and (c) regarding the severity of vulnerabilities, no significant differences were found between open source and closed source."}],"extern":"1","user_id":"61579","ddc":["000"],"file":[{"access_level":"open_access","file_name":"Security of Open Source and Closed Source Software An Empirical - AMCIS Version.pdf","date_created":"2018-12-18T13:16:39Z","date_updated":"2018-12-18T13:16:39Z","content_type":"application/pdf","relation":"main_file","file_size":483690,"creator":"hsiemes","file_id":"6317"}],"author":[{"last_name":"Schryen","id":"72850","first_name":"Guido","full_name":"Schryen, Guido"}],"file_date_updated":"2018-12-18T13:16:39Z","publication":"15th Americas Conference on Information Systems","keyword":["Vulnerabilities","security","open source software","closed source software","empirical comparison"],"has_accepted_license":"1","status":"public","date_created":"2018-11-14T14:41:24Z","_id":"5647","year":"2009","citation":{"mla":"Schryen, Guido. “Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities.” 15th Americas Conference on Information Systems, 2009.","bibtex":"@inproceedings{Schryen_2009, title={Security of open source and closed source software: An empirical comparison of published vulnerabilities}, booktitle={15th Americas Conference on Information Systems}, author={Schryen, Guido}, year={2009} }","apa":"Schryen, G. (2009). Security of open source and closed source software: An empirical comparison of published vulnerabilities. In 15th Americas Conference on Information Systems.","ama":"Schryen G. 
Security of open source and closed source software: An empirical comparison of published vulnerabilities. In: 15th Americas Conference on Information Systems. ; 2009.","chicago":"Schryen, Guido. “Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities.” In 15th Americas Conference on Information Systems, 2009.","ieee":"G. Schryen, “Security of open source and closed source software: An empirical comparison of published vulnerabilities,” in 15th Americas Conference on Information Systems, 2009.","short":"G. Schryen, in: 15th Americas Conference on Information Systems, 2009."},"type":"conference"}]