About the Project
In order to plan and implement security measures efficiently, their impact on business processes must also be taken into account.
Due to the increasing threat of cyber attacks and new legal requirements, companies are required to implement complex bundles of IT security measures (ITS measures). As companies have to decide between different ITS measures, their proper evaluation becomes a central challenge. Investment and operating costs are not the only decisive factors in the evaluation. Rather, ITS measures have a far-reaching impact on business processes, since they influence process complexity, flexibility and productivity, among other things. “Classic” evaluation approaches to investment costing, such as return on security investment, quickly reach their limits when it comes to the impact on processes.
In ProBITS, an innovative approach is being researched that will enable a process-oriented evaluation of ITS measures. The core is a multi-criteria decision model that can be used to record and evaluate ITS measures with regard to corporate processes and select them on the basis of economic target variables. In addition, further support services are planned: An extended process modeling language is being developed that takes into account the interactions between ITS measures and enterprise processes. A corresponding process model for the introduction and implementation of ITS measures will allow adequate scaling that also meets the business requirements of SMEs. Finally, the IT tool developed can be used to efficiently evaluate and select appropriate ITS measures. The effectiveness of the evaluation approach is shown in two demonstrators: First, the developed process-oriented approach is compared with classical methods. Then, the applicability of the approach is tested in the domains of health and smart meters.
[Figure: “ProBITS in action”. Demonstrators: Comparison of Classical IT Methods; Application Test in the Domains of Health and Smart Meters]
Innovations and Future Aspects
Until now, economic aspects could hardly be considered in the selection of ITS measures, since comprehensive models for evaluation are largely lacking. With the help of the project results, companies can include in their economic evaluation of ITS measures effects on business processes that have hardly been calculable so far. The analysis of adoption and usage barriers makes it possible to identify possible causes of existing obstacles in the implementation of ITS measures and to offer appropriate support. The project thus makes a significant contribution to increasing IT security without disregarding economic criteria. Companies in general and SMEs in particular benefit from this.
Juniorprofessur für Informationssicherheit und Compliance
Platz der Göttinger Sieben 5
Lehrstuhl für Wirtschaftsinformatik, insb. Betriebliches Informationsmanagement
06108 Halle (Saale)