About the Project

In order to plan and implement security measures efficiently, their impact on business processes must also be taken into account.

Motivation

Due to the increasing threat of cyber attacks and new legal requirements, companies are required to implement complex bundles of IT security measures (ITS measures). As companies have to decide between different ITS measures, their proper evaluation becomes a central challenge. Investment and operating costs are not the only decisive factors in the evaluation. Rather, ITS measures have a far-reaching impact on business processes, since they influence process complexity, flexibility and productivity, among other things. “Classic” evaluation approaches to investment costing, such as return on security investment, quickly reach their limits when it comes to the impact on processes.

Our Approach

In ProBITS, an innovative approach is being researched that will enable a process-oriented evaluation of ITS measures. The core is a multi-criteria decision model that can be used to record and evaluate ITS measures with regard to corporate processes and select them on the basis of economic target variables. In addition, further support services are planned: An extended process modeling language is being developed that takes into account the interactions between ITS measures and enterprise processes. A corresponding process model for the introduction and implementation of ITS measures will allow adequate scaling that also meets the business requirements of SMEs. Finally, the IT tool developed can be used to efficiently evaluate and select appropriate ITS measures. The effectiveness of the evaluation approach is shown in two demonstrators: First, the developed process-oriented approach is compared with classical methods. Then, the applicability of the approach is tested in the domains of health and smart meters.

2 DEMONSTRATORS
“ProBITS discovers”

-Comparison of Classical IT Methods-


“ProBITS in action”

-Application Test in the Domains of Health and Smart Meters-

Innovations and Future Aspects

Up to now, economic aspects can hardly be considered in the selection of ITS measures, since comprehensive models for evaluation are largely lacking. With the help of the project results, companies can include effects on business processes in their economic evaluation of ITS measures that have hardly been calculable so far. The analysis of adoption and usage barriers makes it possible to identify possible causes for existing obstacles in the implementation of ITS measures and to offer appropriate support. The project thus makes a significant contribution to increasing IT security while at the same time not disregarding economic criteria. Companies in general and SMEs in particular benefit from this.

Latest News

Our first newsletter 202 has been sent to members of the ITSECURITY Competence Center. Apply now to not miss any update! Just send an E-Mail to probits@uni-goettingen.de with subject “newsletter”. Download Newsletter (.pdf) here: Newsletter Download
Our first newsletter 2021 has been sent to members of the ITSECURITY Competence Center. Apply now to not miss any update!
The website is now online. We look forward to your visit and will provide regular updates on the progress of the project.

Contact

Juniorprofessur für Informationssicherheit und Compliance
Georg-August-Universität Göttingen
Platz der Göttinger Sieben 5
37073 Göttingen
E-Mail: probits@uni-goettingen.de

Lehrstuhl für Wirtschaftsinformatik, insb. Betriebliches Informationsmanagement
Martin-Luther-Universität Halle-Wittenberg
Universitätsring 3
06108 Halle (Saale) 
E-Mail: probits@wiwi.uni-halle.de