Institut für Wirtschaftsinformatik

Dauerhafte URI für die Sammlunghttps://irf.fhnw.ch/handle/11654/66

Listen

Ergebnisse nach Hochschule und Institut

Gerade angezeigt 1 - 10 von 14
  • Vorschaubild
    Publikation
    Touching space: distributed ledger technology for tracking and tracing certificates
    (2023) Moriggl, Pascal; Asprion, Petra; Schneider, Bettina; Scherb, Christopher; Bui, Tung X.
    Components built into space vehicles and equipment (space products) must meet different regulatory requirements; in detail, each component must be certified and sustainably traceable at all times. Space engineers have expressed the need for an interoperable system to collect, manage and route certifications for components, parts and materials that go into space products. The lack of a unified approach in the European space industry is a challenge for companies involved in product development. This research proposes an open-source, secure, fast and distributed ledger technology (DLT) based solution that fits into any IT environment and is well adapted to the needs of manufacturing companies in the space sector. The results show that a blockchain-based solution based on ‘Hyperledger Fabric’ combined with the InterPlanetary File System is viable. The results can guide other researchers and practitioners to consider DLTs when changing their certification management paradigm with suppliers, customers and auditors.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Storytelling and gamification in E-learning – An empirical study to educate Swiss microenterprises in data protection
    (2020) Schneider, Bettina; Bontempo Salgueiro, Nathalia; Asprion, Petra; Habbabeh, Ali
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Decentralized autonomous organizations – Evolution, challenges, and opportunities
    (2022) Schneider, Bettina; Ballesteros, Ruben; Moriggl, Pascal; Asprion, Petra; Bork, Dominik; Barat, Souvik; Asprion, Petra; Marcelletti, Alessandro; Morichetta, Andrea; Schneider, Bettina; Kulkarni, Vinay; Breu, Ruth; Zech, Philipp
    A decentralized autonomous organization (DAO) is an emerging entity facilitated through blockchain technology. It operates under the principle of a decentralized governance structure void of hierarchical leadership, and decisions are made based on community consensus. As DAO and its mechanisms are still in an early stage, its potential evolution and future influence on enterprises remain unclear. This work elaborates on this emerging type of organization through a literature review and case studies of DAOs to demonstrate the current state of the art. The findings presented include a brief discussion of the technology that facilitates these organizations. Additionally, advancements and the common characteristics of existing DAOs are presented. Examining current and defunct DAOs revealed the challenges these organizations should address to reach their full potential in future application areas. Finally, it is concluded which organizations and industries could most likely benefit from the DAO concept in future.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Post-quantum cryptography: an introductory overview and implementation challenges of quantum-resistant algorithms
    (2022) Käppler, Sherdel; Schneider, Bettina; Hinkelmann, Knut; Gerber, Aurona
    Cryptographic algorithms are an essential measure to ensure confidentiality and integrity of internet communication. The development of quantum computers (QCs) and their potential to utilize Shor’s Law, is increasingly recognized as a threat to asymmetric cryptography. In response, post-quantum cryptography (PQC) is gaining prominence as a notable field of research aiming to standardize quantum resistant algorithms before the operational usage of QCs. This paper is addressed to people with preliminary knowledge in the field of cryptography and QC. Based on a literature review, the authors provide an overview of challenges faced by the research community and elaborate the advancements in addressing post-quantum threats. A migration strategy from classical cryptosystems to PQC systems is in development, but obstacles such as time constraints and improper implementation complicate the process. Full implementation could take a decade or more. Until then, our paper aims to create awareness for potential challenges when transitioning towards PQC. As categorization scheme for these potential obstacles, we refer to a well- established model in cybersecurity – the McCumber Cube. Conclusions embrace preparing for risks of improper implementation and deriving a multi-step migration. Special attention is expected to be needed for data migration of existing data sets. As a request for future research in PQC, the authors identified the process of implementing post-cryptography standards, e.g., from the National Institute of Standards and Technology (NIST), and an assessment of the perceived readiness of industry to adapt.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Exploring cyber security awareness through LEGO serious play part I: the learning experience
    (ToKnowPress, 2020) Asprion, Petra; Schneider, Bettina; Moriggl, Pascal; Grimberg, Frank; Dermol, Valerij
    Lego Serious Play (LSP) is a methodology that helps people brainstorm and discuss complex ideas through storytelling and metaphors. LSP has been successfully applied as a mechanism for creative learning and team building. In this paper, we discuss using LSP to teach core topics of Cyber Security and Resilience (CS&R) in higher education. Initial results suggest that LSP has a positive impact on student learning, while also improving student engagement both, within the course and in their business environment. While the use of LSP discussed here focuses on its implementation in CS&R courses, this highly transferable methodology can be applied across the spectrum of disciplines and for multiple purposes. In addition, it can also be used to facilitate cyber security awareness or risk assessment workshops in various environments.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Data protection impact assessment guidelines in the context of the general data protection regulation
    (2019) Grütter, Bodo Jeremy; Schneider, Bettina; Dermol, Valerij
    The European General Data Protection Regulation (EU GDPR) requires companies to carry out a so-called Data Protection Impact Assessment (DPIA) if the processing of personal data is likely to result in a high risk to the rights and freedoms of individuals. But how can it be determined whether a risk should be considered ‘high’ and thus makes a DPIA necessary? Furthermore, if a DPIA is required, how exactly should this be performed? In response to these questions, various guidelines concerning DPIA have been published. The aim of this paper is to give those affected by the new Data Protection law an insight into three current DPIA guidelines and to support them in implementing a GDPR-compliant impact assessment. To this end, each of the selected guidelines will be described, and evaluated in terms of GDPR compliance and DPIA feasibility, i.e. on the one hand, whether the guideline complies with the relevant GDPR articles, and on the other hand what tools are provided to facilitate the operational execution of a DPIA. The study results in an overall evaluation matrix, which shows that all three guidelines have different strengths and propose differing methods for DPIA implementation.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Cybersecurity governance – An adapted practical framework for small enterprises
    (2023) Asprion, Petra; Gossner, Philipp; Schneider, Bettina; Bui, Tung X.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Persona-oriented data protection impact assessment for small businesses
    (2023) Schneider, Bettina; Asprion, Petra; Misyura, Ilya; Jonkers, Natalie; Zaugg, Esther
    The European (EU) General Data Protection Regulation (GDPR) is applicable since May 2018 and has since posed major challenges for small businesses with limited knowledge and resources. According to Art. 35 of the GDPR, a so-called ‘Data Protection Impact Assessment’ (DPIA) is mandatory if a processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons. There is a demand for low-threshold, practical instruments that support the required DPIA. The objective of this research was to develop a new DPIA instrument that meets the needs – as unit of analysis – of non-technology small businesses and complies with the requirements of the EU GDPR. Design Science Research was used as the methodological framework and identified personas were drivers in the development. The result is two variants of instruments that have been carefully evaluated and proven to be valuable.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    Teaching data standards using learning applications: a game-based example from supply chain management
    (ToKnowPress, 2018) Schwarzenbach, Marco; Schneider, Bettina
    This paper is highlighting the results of a project that was conducted by the University of Applied Sciences and Arts Northwestern Switzerland and GS1 Switzerland. GS1, a global not-for-profit organization, develops standards related to supply chain management. Teaching programs are offered to raise awareness of the importance of standards and ensure their correct application. As today’s Information Technology enables innovative, interactive learning approaches, an initiative has been started to design a gamified learning application. The design of this application envisages a division into two learning paths. One of the learning paths is aimed at creating the theoretical foundation for understanding the elements and concepts of GS1’s standards. The other path will provide the learners with an interactive showcase that includes elements of storytelling. Both components will be integrated in one common dashboard that guides the learning process. The design of the application is elaborated using established requirements engineering techniques, like mockups or activity diagrams. This paper offers insights into the potential of game-based learning applications for supply chain management in the context of professional and higher education.
    04B - Beitrag Konferenzschrift
  • Vorschaubild
    Publikation
    The real-world data challenges radar: a review on the challenges and risks regarding the use of real-world data
    (Karger, 2021) Grimberg, Frank; Asprion, Petra; Schneider, Bettina; Miho, Enkelejda; Babrak, Lmar; Habbabeh, Ali
    Background: The life science industry has a strong interest in real-world data (RWD), a term that is currently being used in many ways and with varying definitions depending on the source. In this review article, we provide a summary overview of the challenges and risks regarding the use of RWD and its translation into real-world evidence and provide a classification and visualization of RWD challenges by means of the RWD Challenges Radar. Summary: Based on a systematic literature search, we identified 3 types of challenges – organizational, technological, and people-based – that must be addressed when deriving evidence from RWD to be used in drug approval and other applications. It further demonstrates that numerous different aspects, for example, related to the application field and the associated industry, must be considered. A key finding in our review is that the regulatory landscape must be carefully assessed before utilizing RWD. Key Messages: Establishing awareness and insight into the challenges and risks regarding the use of RWD will be key to taking full advantage of the RWD potential. As a result of this review, an “RWD Challenges Radar” will support the establishment of awareness by providing a comprehensive overview of the relevant aspects to be considered when employing RWD.
    01A - Beitrag in wissenschaftlicher Zeitschrift