Institut für Wirtschaftsinformatik
Dauerhafte URI für die Sammlunghttps://irf.fhnw.ch/handle/11654/66
Listen
17 Ergebnisse
Ergebnisse nach Hochschule und Institut
Publikation Touching space: distributed ledger technology for tracking and tracing certificates(2023) Moriggl, Pascal; Asprion, Petra; Schneider, Bettina; Scherb, Christopher; Bui, Tung X.Components built into space vehicles and equipment (space products) must meet different regulatory requirements; in detail, each component must be certified and sustainably traceable at all times. Space engineers have expressed the need for an interoperable system to collect, manage and route certifications for components, parts and materials that go into space products. The lack of a unified approach in the European space industry is a challenge for companies involved in product development. This research proposes an open-source, secure, fast and distributed ledger technology (DLT) based solution that fits into any IT environment and is well adapted to the needs of manufacturing companies in the space sector. The results show that a blockchain-based solution based on ‘Hyperledger Fabric’ combined with the InterPlanetary File System is viable. The results can guide other researchers and practitioners to consider DLTs when changing their certification management paradigm with suppliers, customers and auditors.04B - Beitrag KonferenzschriftPublikation Storytelling and gamification in E-learning – An empirical study to educate Swiss microenterprises in data protection(2020) Schneider, Bettina; Bontempo Salgueiro, Nathalia; Asprion, Petra; Habbabeh, Ali04B - Beitrag KonferenzschriftPublikation Agile management in cybersecurity(2023) Asprion, Petra; Giovanoli, Claudio; Scherb, Christopher; Bhat, Sourabha; Gerber, Aurona; Hinkelmann, KnutCybersecurity management has emerged as a topic of growing importance on a global scale. Applying traditional management practices to cybersecurity is often too cumbersome and can lead to significant delays. Today's enterprises must be able to adapt to ever-evolving digital threats and act with corresponding agility and flexibility. Agile methods are well suited for projects without a defined scope, duration, tasks, and resources and has been identified as suitable for meeting the management challenges of cybersecurity teams. Based on an in-depth literature review, this study assumed that adopting an agile approach to cybersecurity helps organizations manage cybersecurity effectively. A first prototypical model was developed and evaluated which combines agile methods with cybersecurity functions - based on a recognized reference model.04B - Beitrag KonferenzschriftPublikation Building digital trust to protect whistleblowers - A blockchain-based reporting channel(2023) Asprion, Petra; Grieder, Hermann; Grimberg, FrankOrganizations today need internal reporting channels to report illegal/unethical misconduct. For this purpose, organizations set up one or more - often digital - internal reporting channels. Persons/Employees who want to report misconduct, so-called whistleblowers, expose themselves to reprisals and therefore need trustworthy reporting channels which ensure ´Digital Trust´. Blockchain, a technology that overcomes the need for trust due to its properties of immutability and integrity of data, could be promising as underlying technology for a digital reporting channel which is recognized as trustworthy. In our research, we explored multiple perspectives relevant to a trustworthy digital reporting system. Applying design science research, we evaluated the current state of the art of (digital) reporting channels and developed a prototypical blockchain-based reporting solution called “Integrity@Inside”. The prototype is being iteratively demonstrated and pre-evaluated.04B - Beitrag KonferenzschriftPublikation Decentralized autonomous organizations – Evolution, challenges, and opportunities(2022) Schneider, Bettina; Ballesteros, Ruben; Moriggl, Pascal; Asprion, Petra; Bork, Dominik; Barat, Souvik; Asprion, Petra; Marcelletti, Alessandro; Morichetta, Andrea; Schneider, Bettina; Kulkarni, Vinay; Breu, Ruth; Zech, PhilippA decentralized autonomous organization (DAO) is an emerging entity facilitated through blockchain technology. It operates under the principle of a decentralized governance structure void of hierarchical leadership, and decisions are made based on community consensus. As DAO and its mechanisms are still in an early stage, its potential evolution and future influence on enterprises remain unclear. This work elaborates on this emerging type of organization through a literature review and case studies of DAOs to demonstrate the current state of the art. The findings presented include a brief discussion of the technology that facilitates these organizations. Additionally, advancements and the common characteristics of existing DAOs are presented. Examining current and defunct DAOs revealed the challenges these organizations should address to reach their full potential in future application areas. Finally, it is concluded which organizations and industries could most likely benefit from the DAO concept in future.04B - Beitrag KonferenzschriftPublikation Exploring cyber security awareness through LEGO serious play part I: the learning experience(ToKnowPress, 2020) Asprion, Petra; Schneider, Bettina; Moriggl, Pascal; Grimberg, Frank; Dermol, ValerijLego Serious Play (LSP) is a methodology that helps people brainstorm and discuss complex ideas through storytelling and metaphors. LSP has been successfully applied as a mechanism for creative learning and team building. In this paper, we discuss using LSP to teach core topics of Cyber Security and Resilience (CS&R) in higher education. Initial results suggest that LSP has a positive impact on student learning, while also improving student engagement both, within the course and in their business environment. While the use of LSP discussed here focuses on its implementation in CS&R courses, this highly transferable methodology can be applied across the spectrum of disciplines and for multiple purposes. In addition, it can also be used to facilitate cyber security awareness or risk assessment workshops in various environments.04B - Beitrag KonferenzschriftPublikation Cybersecurity governance – An adapted practical framework for small enterprises(2023) Asprion, Petra; Gossner, Philipp; Schneider, Bettina; Bui, Tung X.04B - Beitrag KonferenzschriftPublikation Towards a distributed ledger system for supply chains(2019) Asprion, Petra; Hübner, Philipp; Moriggl, Pascal; Bui, Tung X.Interoperability and traceability of digital supply chains are becoming a major competitive factor. Businesses operating in supply chains need to share interoperable information and systematically track product and service deliveries. This research investigates a novel approach to model digital supply chains and operationalizes this through a "Distributed Ledger System" in combination with "Smart Contracts". Based on design science, relevance and rigor for a novel approach are derived. As resulting ‘artifacts’, exemplary supply chains using colored Petri-nets are modeled as a structured and automatable instance for the sketched ‘Token-flow Supply Chains’. For the operation of our visionary scenario, a baseline concept with an associated architecture is drafted. We argue that the outlined approach and related artifacts are predestined to achieve a new quality of performance and innovation including bridging the current challenges for digital supply chains.04B - Beitrag KonferenzschriftPublikation Persona-oriented data protection impact assessment for small businesses(2023) Schneider, Bettina; Asprion, Petra; Misyura, Ilya; Jonkers, Natalie; Zaugg, EstherThe European (EU) General Data Protection Regulation (GDPR) is applicable since May 2018 and has since posed major challenges for small businesses with limited knowledge and resources. According to Art. 35 of the GDPR, a so-called ‘Data Protection Impact Assessment’ (DPIA) is mandatory if a processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons. There is a demand for low-threshold, practical instruments that support the required DPIA. The objective of this research was to develop a new DPIA instrument that meets the needs – as unit of analysis – of non-technology small businesses and complies with the requirements of the EU GDPR. Design Science Research was used as the methodological framework and identified personas were drivers in the development. The result is two variants of instruments that have been carefully evaluated and proven to be valuable.04B - Beitrag KonferenzschriftPublikation Blockchain as an enabler for cybersecurity use case: electronic health records in Switzerland(Sun SITE, Informatik V, RWTH Aachen, 2020) Moriggl, Pascal; Asprion, Petra; Kramer, Fabienne; Asprion, Petra; Bāliņa, Signe; Forbrig, Peter; Kampars, Jānis; Kirikova, Mārīte; Møller, Charles; Morichetta, Andrea; Roelens, Ben; Sandkuhl, KurtIn the application of Electronic Health Records (EHR), cybersecurity is an essential control and needs to be strongly considered to fulfill data protection requirements. Regarding cybersecurity needs in Healthcare, blockchain-based technologies seem promising due to the inherent security features. Therefore, this study investigates in cybersecurity requirements for EHR and whether a blockchain-based solution can cover these. There are already approaches which apply Blockchain for EHR, but these do not explicitly consider cybersecurity, which forms the research gap. As a unit of analysis, 'Hyperledger Sawtooth' as an enterprise blockchain platform was used. The results showed that Hyperledger Sawtooth performs quite well regarding the coverage of cybersecurity-relevant requirements for EHR. However, there are 'natural' divergences concerning specific cybersecurity attributes between blockchain-based and non-blockchainbased systems. The outcome of this study is a generic assessment tool which can be used to assess the coverage of cybersecurity requirements for both blockchainbased and non-blockchain-based EHR systems.04B - Beitrag Konferenzschrift