About the Project
In order to plan and implement security measures efficiently, their impact on business processes must also be taken into account.
Motivation
Due to the increasing threat of cyber attacks and new legal requirements, companies are required to implement complex bundles of IT security measures (ITS measures). As companies have to decide between different ITS measures, their proper evaluation becomes a central challenge. Investment and operating costs are not the only decisive factors in the evaluation. Rather, ITS measures have a far-reaching impact on business processes, since they influence process complexity, flexibility and productivity, among other things. “Classic” evaluation approaches to investment costing, such as return on security investment, quickly reach their limits when it comes to the impact on processes.
Our Approach
In ProBITS, an innovative approach is being researched that will enable a process-oriented evaluation of ITS measures. The core is a multi-criteria decision model that can be used to record and evaluate ITS measures with regard to corporate processes and select them on the basis of economic target variables. In addition, further support services are planned: An extended process modeling language is being developed that takes into account the interactions between ITS measures and enterprise processes. A corresponding process model for the introduction and implementation of ITS measures will allow adequate scaling that also meets the business requirements of SMEs. Finally, the IT tool developed can be used to efficiently evaluate and select appropriate ITS measures. The effectiveness of the evaluation approach is shown in two demonstrators: First, the developed process-oriented approach is compared with classical methods. Then, the applicability of the approach is tested in the domains of health and smart meters.
2 DEMONSTRATORS
"ProBITS discovers"
-Comparison of Classical IT Methods-
"ProBITS in action"
-Application Test in the Domains of Health and Smart Meters-
Innovations and Future Aspects
Up to now, economic aspects can hardly be considered in the selection of ITS measures, since comprehensive models for evaluation are largely lacking. With the help of the project results, companies can include effects on business processes in their economic evaluation of ITS measures that have hardly been calculable so far. The analysis of adoption and usage barriers makes it possible to identify possible causes for existing obstacles in the implementation of ITS measures and to offer appropriate support. The project thus makes a significant contribution to increasing IT security while at the same time not disregarding economic criteria. Companies in general and SMEs in particular benefit from this.
Contact
Chair of Information Systems, in particular Sustainability
University of Paderborn
Warburger Straße 100
33098 Paderborn
E-Mail: probits@upb.de
Chair of Information Management, esp. Business Information Management
Martin Luther University Halle-Wittenberg
Universitätsring 3
06108 Halle (Saale)
E-Mail: probits@wiwi.uni-halle.de