TY - CONF AU - Yasasin, Emrah AU - Schryen, Guido ID - 5541 T2 - 23rd European Conference on Information Systems (ECIS 2015) TI - Requirements for IT Security Metrics - An Argumentation Theory Based Approach ER - TY - CONF AB - The protection of information technology (IT) has become and is predicted to remain a key economic challenge for organizations. While research on IT security investment is fast growing, it lacks a theoretical basis for structuring research, explaining economic-technological phenomena and guide future research. We address this shortcoming by suggesting a new theoretical model emerging from a multi-theoretical perspective adopt-ing the Resource-Based View and the Organizational Learning Theory. The joint appli-cation of these theories allows to conceptualize in one theoretical model the organiza-tional learning effects that occur when the protection of organizational resources through IT security countermeasures develops over time. We use this model of IT security invest-ments to synthesize findings of a large body of literature and to derive research gaps. We also discuss managerial implications of (closing) these gaps by providing practical ex-amples. AU - Weishäupl, Eva AU - Yasasin, Emrah AU - Schryen, Guido ID - 5588 KW - Information Security KW - Investment KW - Literature review KW - Resource-based View KW - Organi-zational Learning Theory KW - Multi-theoretical Perspective T2 - International Conference on Information Systems TI - A Multi-Theoretical Literature Review on Information Security Investments using the Resource-Based View and the Organizational Learning Theory ER - TY - CONF AU - Weishäupl, Eva AU - Yasasin, Emrah AU - Schryen, Guido ID - 5589 T2 - 23rd European Conference on Information Systems (ECIS 2015) TI - IT Security Investments Through the Lens of the Resource-Based View: A new Theoretical Model and Literature Review ER - TY - CONF AB - Nowadays, providing employees with failure-free access to various systems, applications and services is a crucial factor for organizations? success as disturbances potentially inhibit smooth workflows and thereby harm productivity. However, it is a challenging task to assign access rights to employees? accounts within a satisfying time frame. In addition, the management of multiple accounts and identities can be very onerous and time consuming for the responsible administrator and therefore expensive for the organization. In order to meet these challenges, firms decide to invest in introducing an Identity and Access Management System (IAMS) that supports the organization by using policies to assign permissions to accounts, groups, and roles. In practice, since various versions of IAMSs exist, it is a challenging task to decide upon introduction of an IAMS. The following study proposes a first attempt of a decision support model for practitioners which considers four alternatives: Introduction of an IAMS with Role-based Access Control RBAC) or without and no introduction of IAMS again with or without RBAC. To underpin the practical applicability of the proposed model, we parametrize and operationalize it based on a real world use case using input from an expert interview. AU - Weishäupl, Eva AU - Kunz, Michael AU - Yasasin, Emrah AU - Wagner, Gerit AU - Prester, Julian AU - Schryen, Guido AU - Pernul, Günther ID - 5590 KW - Identity and Access Management KW - Economic Decision Making KW - Information Systems KW - Information Security Investment KW - Decision Theory T2 - 2nd International Workshop on Security in highly connected IT Systems (SHCIS?15) TI - Towards an Economic Approach to Identity and Access Management Systems Using Decision Theory ER - TY - JOUR AU - Schryen, Guido AU - Weishäupl, Eva ID - 5616 IS - 2 JF - Managementkompass TI - IT-Sicherheit: Ökonomisch Planen und Bewerten ER - TY - CONF AB - Literature reviews play an important role in the development of knowledge. Yet, we observe a lack of theoretical underpinning of and epistemological insights into how literature reviews can contribute to knowledge creation and have actually contributed in the IS discipline. To address these theoretical and empirical research gaps, we suggest a novel epistemological model of literature reviews. This model allows us to align different contributions of literature reviews with their underlying knowledge conversions - thereby building a bridge between the previously largely unconnected fields of literature reviews and epistemology. We evaluate the appropriateness of the model by conducting an empirical analysis of 173 IS literature reviews which were published in 39 pertinent IS journals between 2000 and 2014. Based on this analysis, we derive an epistemological taxonomy of IS literature reviews, which complements previously suggested typologies. AU - Schryen, Guido AU - Wagner, Gerit AU - Benlian, Alexander ID - 5618 KW - Literature review KW - Research methods/methodology KW - Theory of knowledge T2 - International Conference on Information Systems (ICIS) TI - Theory of Knowledge for Literature Reviews: An Epistemological Model, Taxonomy and Empirical Analysis of IS Literature ER - TY - JOUR AU - Schryen, Guido AU - Rauchecker, Gerhard AU - Comes, Martina ID - 5622 IS - 4 JF - Business & Information Systems Engineering (BISE) TI - Resource Planning in Disaster Response - Decision Support Models and Methodologies VL - 57 ER - TY - JOUR AU - Schryen, Guido ID - 5634 IS - Art 12 JF - Communications of the AIS TI - Writing qualitative IS literature reviews ? Guidelines for synthesis, interpretation and guidance of research VL - 37 ER - TY - CONF AU - Rauchecker, Gerhard AU - Yasasin, Emrah AU - Schryen, Guido ID - 5672 T2 - 11th International Conference on Trust, Privacy, and Security in Digital Business (TRUSTBUS) TI - A Decision Support System for IT Security Incident Management ER - TY - JOUR AU - Fink, Andreas AU - Kliewer, Natalia AU - Mattfeld, Dirk AU - Mönch, Lars AU - Rothlauf, Franz AU - Schryen, Guido AU - Suhl, Leena AU - Voß, Stefan ID - 5686 IS - 1 JF - Business & Information Systems Engineering (BISE) TI - Model-based Decision Support in Manufacturing and Service Networks VL - 6 ER -