Human Factors in Secure Software Development

While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of those using the human factor. The human factor is often called ``the weakest link'' in software security. To solve this, human factors research in security and privacy focus on the users of technology and consider their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data. However, these concepts have to be implemented by developers whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also not have extensive awareness, knowledge, training or experience in secure development. A lack of focus on usability in libraries, documentation, and tools that they have to use for security-critical components may exacerbate the problem by blowing up the investment of time and effort needed to "get security right". This dissertation's focus is how to support developers throughout the process of implementing software securely. This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large scale datasets were analyzed to conduct this research. This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to achieving functional code quickly compared to using official documentation resources, but may introduce vulnerable code. We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code. On the flip side, well-thought out documentation and abstraction levels can help improve an API's usability and may contribute to secure API usage. We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming. We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers to retrieve help, which may cause them to choose un-vetted and potentially insecure resources. This dissertation supports that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development research within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues of security and privacy mechanisms, development practices, and operation routines are what leads to the majority of security and privacy failures that affect millions of end users

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

The Appsmiths: Community, Identity, Affect And Ideology Among Cocoa Developers From Next To Iphone

This dissertation is an ethnographic study, accomplished through semi-structured interviews and participant observation, of the cultural world of third party Apple software developers who use Apple's Cocoa libraries to create apps. It answers the questions: what motivates Apple developers' devotion to Cocoa technology, and why do they believe it is a superior programming environment? What does it mean to be a "good" Cocoa programmer, technically and morally, in the Cocoa community of practice, and how do people become one? I argue that in this culture, ideologies, normative values, identities, affects, and practices interact with each other and with Cocoa technology in a seamless web, which I call a "techno-cultural frame." This frame includes the construction of a developer's identity as a vocational craftsman, and a utopian vision of software being developed by millions of small-scale freelance developers, or "indies," rather than corporations. This artisanal production is made possible by the productivity gains of Cocoa technology, which ironically makes indies dependent on Apple for tools. This contradiction is reconciled through quasi-religious narratives about Apple and Steve Jobs, which enrolls developers into seeing themselves as partners in a shared mission with Apple to empower users with technology. Although Cocoa helps make software production easier, it is not a deskilling technology but requires extensive learning, because its design heavily incorporates patterns unfamiliar to many programmers. These concepts can only be understood holistically after learning has been achieved, which means that learners must undergo a process of conversion in their mindset. This involves learning to trust that Cocoa will benefit developers before they fully understand it. Such technical and normative lessons occur at sites where Cocoa is taught, such as the training company Big Nerd Ranch. Sharing of technical knowledge and normative practices also occurs in the Cocoa community, online through blog posts, at local club meetings, and at conferences such as Apple's WWDC, which help to enroll developers into the Cocoa techno-cultural frame. Apple's relationship with developers is symbiotic, but asymmetrical, yet despite Apple's coercive power, members of the Cocoa community can influence Apple's policies

Customer co-creation in innovations : a protocol for innovating with end users

The transition into the information revolution or age has made it possible for consumers and users to interfere in the conceptualization, design, production and sales processes of firms. Consumers and users can express their needs in more direct way to producing firms, they have access to the way products and services are made, and last but not least, have access to information on competing products and services that even producers don’t know about. Consumers have become more knowledgeable and are therefore capable of designing and producing their own products and services. The success of innovations or new product and service development is highly dependent on whether they take in consideration the needs and demands of potential users and consumers. In other words, a market orientation is essential for the success of an innovation. Firms would therefore welcome the idea of consumers and users expressing their demands and probably appreciate consumers who want to participate in the new product or service development, because they would have immediate feedback on the potential success of the innovation. Question is, however, how to achieve this and how to successfully co-create with customers in the innovation process. This design research addresses customer co-creation in innovations for product and service industries. It addresses how firms should successfully activate customers or users and what process they should follow, i.e. the kind of customers or users to involve, the tools and techniques to apply, and procedures to be followed. It develops the appropriate interventions for this in a Customer Co-Creation in Innovations (3CI) - Protocol. The nature of this research is prescriptive, based on the Design Science principles, aiming to design a solution for firms that are interested in the co-creation role that customers can play in their organizations regarding innovations. The research results in a protocol which organizations that want to co-create with customers in their innovation process, can use or apply, to effectively co-create with these customers. Effectively in this sense means that the customer input will be of added value to the innovation, resulting in the outcome that the organization succeeds in bringing the innovation into the market or in use. This doesn’t necessarily mean that the innovation will be a commercial success, because this success depends on more and other factors than just customer co-creation. But, in this context customer co-creation gives the organization the necessary confirmation that the innovation fits needs and demands in the market, and thus leads to a higher adaptation than one should expect when not co-creating with customers. There is an abundance of literature that argue the benefits of involving customers in the innovation process, while other address the issue of which customers to involve, so, the research focuses itself on best practices, experiments, and such to develop this protocol. This has been accomplished by studying the diverse modes or appearances of customer involvement in product or service development, such as market research, empathic design, user-centered design, co-design, mass customization, user innovation, open source software development, user generated content, crowdsourcing, and customer co-creation. Although there is a lot of overlap and similarities among these modes of involvement, there are also many differences, indicating that customer co-creation in innovations is contingent on many factors and aspects. To reduce the confusion, a construct of customer co-creation in innovations has been developed, which has been defined as the process where product manufacturers and/or service providers actively engage with their end users or customers in (parts or phases of) innovation projects to jointly perform innovation activities and co-create value, with the aim of increasing effectiveness and efficiency of the innovation process. Effectiveness refers to (1) the result of meeting users’ and customers’ needs and demands in a better way; and (2) increasing customer loyalty. Efficiency refers to (1) the reduction of research and development costs; and (2) the reduction of development time. And to analyze differences and similarities so that the appropriate design propositions can stated, a 3CI framework was developed, covering the following topics: (1) how to determine whether a firm can co-create with its customers in innovations, which are the so called context conditions; (2) how to identify, select, and motivate potential customers to participate in customer-open innovations; (3) how to engage and involve these customers in the innovation process in an effective and efficient way, the process, procedures and methods one can follow, the tools one can use to accomplish this. With this framework the practice of customer co-creation was analyzed by means of five case studies, in which two of them, the author was an actor in designing and executing the process of co-creation. The cases, selected for their diversity, reveal the opportunities and challenges of customer-inclusive innovation. Customer involvement was at least a partial success in all cases. At the same time, it was never a ‘silver bullet’ to permanently transform the way the company worked. 3CI seems to be capable to support both incidental and repeating innovation initiatives of a firm. Another observation is that, whether a B2B or B2C type of firm, a manufacturer or service provider, small or large firms, all seem to be capable of and suited for 3CI. Common in all cases, however, is that the organization’s offerings and markets should be heterogeneous, thereby containing opportunities to either develop line extensions or really novel (radical) offerings. The technology base of the organization, however, does not seem to be a prerequisite. Another theme cutting across the cases is the nature of an ‘innovation community’, where users test, experiment with and modify or enhance existing prototypes and products, paving the roadway to innovation. As for the relationship between innovation type and type of customer, the cases undoubtedly demonstrate that ‘ordinary’ users can provide useful input to develop radical or novel innovations. The cases also demonstrate that nearly all innovation activities can be conducted by co-creating with customers, including needs assessment, ideation, the screening of ideas or concepts, concept testing, design and development, the commercialization of the innovation and even the re-innovation or use stage. So, although one could get the idea of 3CI being of particular interest in the front end of an innovation stage, we see that in all later stages 3CI can be beneficial as well. Typical across all cases is also the contingency of the channel of involvement (online versus face-to-face) with the amount of customers involved, which we have typed as the degree of openness. The more people are involved, the more open (no secrecy) the co-creation is and the more the involvement is obtained through the online channel, either with communities or on an open call. Conversely, the less participants, the more secrecy is needed and the sooner the physical presence or offline participation seems to be imminent in participation. Finally, regarding the use of tools it can be concluded that sophisticated methods for customer co-creation are a complement rather than the sole source of user information. More important seems to be the occurrence of a dialogue between firm and participating customers, implying that the quality of the interaction depends on mutual trust, appreciation, commitment and equality. Tools that support this dialogue, such as the ZMET¿, OBR, or similar techniques, seem to be important to assure effective and efficient contribution from customers. Subsequently, the design process was conducted, first by defining 16 design requirements for the protocol – subdivided in functional and use requirements, and design restrictions and boundary conditions – followed by the development of the design propositions. A grand total of 28 design propositions have been identified, regarding the context of 3CI (10 propositions), the customer requirements (10 propositions) and process (8 propositions). The context propositions reflected the context decisions to be made, i.e. the appropriate strategy, the suitability of the firm’s market, the initiator for the co-creation (firm or customer), and the type of innovation (incremental vs. radical, open vs. closed mode). Wherever appropriate we have also reviewed the appropriate methods, tools and techniques for the best implementation of the interventions. These are the first decisions the firm has to make when undertaking the 3CI Journey. Only when these decisions are made a next step, i.e. determining which customer requirements are appropriate, can be made. It has been argued that any organization can co-create with its customers in innovations, provided that they adopt and maintain a market oriented strategy, along with the necessary tools, space, freedom and transparency for customers to participate. Customer co-creation leads to at least effective incremental innovations, but when the organization applies Customer Knowledge Methods it increases the chance for an effective radical innovation. If secrecy is required, a closed mode approach of co-creation can be followed, entailing that a minimum amount and diversity of external participants are involved, provided that there is a clear scope of innovation objectives and the market it is intended for. Finally, organizations can either rely on customer-initiated ideas or initiate an innovation itself. In the first approach the organization is recommended to create and maintain a customer community, which can be observed and interacted with to elicit the customers’ ideas. The 10 customer design propositions deal with the type of customers to co-create with in innovations and the available interventions to engage with and maintain involvement from the selected participants. We have argued that all (potential) customers are eligible to participate, as long as they have a certain use experience with the product, service or category of innovation. Only in the case of a radical innovation, the company can choose to add some lead users in order to increase the chance of generating really novel ideas or concepts. To find these lead users, the company can make an appeal on the customer community, since lead users are usually known in communities. In order to benefit in the best way from the participating ordinary and lead users, the company should select them on the basis of their willingness to participate. On top of that, participants should be trained or educated in the tools, techniques and methods that are applied during their involvement. To prevent a decrease of intrinsic motivation with participants, companies have to be very prudent with the promise and administering of financial rewards. Rewards can be given, but preferably unexpected and contingent on task complexity and performance demonstrated by the participant. Depending on the channel of involvement, a minimum of 15 to an undetermined maximum of participants is possible, provided that the company reserves sufficient resources to handle the amount of participants. To our initial 20 design propositions we have added an additional 8 design propositions regarding the process of co-creation. We have seen that all innovation stages are suited to co-create with customers. For the appropriate activities in which these customers can contribute we have developed a table depicting activities and contributions per innovation stage. Co-creation can take place in one, more or all stages; to receive the most benefit, customers should be involved as early as possible in the innovation process. To prevent loss of attention, de-motivation and premature abandonment, we have proposed to change participants with ongoing activities; relying on the same customers in all stages can result in ‘myopic’ results. Both online and offline co-creation are possible, depending on openness, amount of participants and available resources. If participation is online, we recommend applying crowdsourcing methods and techniques, preferably within the customer community. To support an effective communication, we finally proposed to use metaphor or analogy based ‘language’ and to treat the participants as if they were team members. Through scrutinizing and analyzing the 28 design propositions in relation to one another and some pre-defined design requirements, we have identified four main routes – metaphorically named the dreamcatcher, contest, touchstone and employment route – that a company can follow when aiming to co-create with customers in the innovation process. The dreamcatcher route appeals on a user community – existing or yet to be created, preferably online, but with a physical possibility – where existing products, services or platforms are used, reviewed and discussed by customers. The company observes and participates in this discussion through a dialogue, possibly also moderating the community. Opportunities are identified by the company and translated into innovation projects by the company, in which customers again can participate. In the contest route the company can pose users with a specific question or request, a challenge, for which they are expected to think of a solution, of which typically one, or a limited amount of solutions are eligible. The intention is to specifically involve the customer in the front end of the innovation, because the company does not know or is not aware yet of customer needs and wants, or the intended product or service requirements. Customer input is then required in the first stage (Conception), but is not necessary excluded in later stages, where customers can test prototypes, assist in the commercialization and the re-innovation. In the touchstone route the company can decide to co-create with customers in any, arbitrary stage or activity of the innovation process, a sort of a one off. In such a case, the company usually has already identified the opportunities, the innovation project and its goals. Customer co-creation is opportune to verify assumptions, fill in details, and provide additional, not thought of product or service requirements. Of course it is possible to co-create with the customer in more than one activity, but this approach is seen as discrete co-creation activities to support just that particular and specific stage, in which the co-creation is required, usually in the implementation stage and thereafter. Finally, in the employment route the company can integrate one or more (limited amount of) customers in the innovation project, e.g. by temporarily employing them. This approach is of particular interest in idea generation, design and development activities, i.e. the Conception and Implementation stage, but later stages aren’t excluded. We can see this approach applied in customized projects, where it is the intention to create something for a specific set of customers or segment. This can be on request by the customer or because the company has discovered an unfulfilled or unattended set of needs with these customers, e.g. through dreamcatching. To decide which route(s) is or are appropriate we have discussed some premises and considerations – objectives for co-creation, stages and contributions for co-creation, type and openness of innovation – that a company has to assess systematically. Each route was elaborated on, providing preparation steps and do’s and don’ts for an effective and efficient contribution from customers. The four routes are also interrelated and do not exclude one another, but nevertheless provide a company with the optimal approach for 3CI. The 3CI-protocol is therefore a robust, handy guideline for companies to co-create with their customers in innovations. Because of the systematic and rigorous analysis and synthesis of theory and practice, the protocol can be applied in most situations. To test and prove the correctness of this last assertion we validated the design by having it reviewed by some potential users, some experts and some scholars, and to base the conclusion of its validity on the opinions of these reviewers. A total of 25 potential reviewers, both national and international, consisting of product/service developers, co-creation intermediaries, consultants and scholars were approached independently from and ‘blind’ to each other to conduct this review. Ten of them consented in participation; three abandoned the review process prematurely for personal reasons, leaving a total of 7 reviewers that have submitted comments. It was agreed on to enhance the review with a Delphi if responses were very divergent. All reviewers found the protocol useful and helpful for guiding the process of customer co-creation. Comments or critique referred mainly to the readability of the protocol, with the remark that users might lose attention because of the academic reasoning. Some of them provided useful additions to the protocol in order to enhance the readability. Also, suggestions were made to promote the protocol to practice, for instance by publishing it via a community and a management book. The comments did not contain divergent viewpoints on the subject, the design and its content, so the Delphi was left out. Based on these comments and suggestions by the reviewers, we have redesigned the protocol into the 3CI Protocol version 1.0, which can be published as a separate document, detached from this thesis, which all potential users can get hold of and apply without having to acquire a copy of the thesis. We propose to use this protocol to further validate it in practice and giving us feedback on its effectiveness. Our main contribution to research in management and organization has been to develop a comprehensive how-to guideline for practitioners, based on and grounded in a diversity of theory. Therefore, we believe that we have contributed with a design that is applicable in all kind of business and organizational contexts where the interaction with end users is aimed at developing new offerings. However, modesty is also in place, when we observe that this has to be proven, yet. Further research can be aimed at obtaining this proof, while other research could focus on the underlying assumptions, which we named generative mechanisms, of the design

Motivating Contributions for Home Computer Security.

Recently, malicious computer users have been compromising computers en masse and combining them to form coordinated botnets. The rise of botnets has brought the problem of home computers to the forefront of security. Home computer users commonly have insecure systems; these users do not have the knowledge, experience, and skills necessary to maintain a secure system. I take steps toward designing a socio-technical system that will hopefully help home computer users make better security decisions. Designing such a system requires additional knowledge before a successful system can be developed. First, more information is needed about the knowledge and skills that home computer users currently possess. I conducted an interview study of home computer users and identified eight distinct mental models of security threats; four are models of ``viruses,'' and four are models of ``hackers.'' The respondents in this study use the models to decide which security precautions should be used and which can be ignored. Second, to share information, users need an incentive to exert the time and effort required for sharing. I describe two mechanisms that can be used in social computing systems to encourage contribution. I illustrate the first mechanism, the side effect mechanism, by describing how it is used in a popular social bookmarking website. I also illustrate a design feature that is important when applying this mechanism: incentive alignment. The second mechanism that I describe is technically simple: set a minimum threshold and exclude users who don't contribute enough. I develop a theory of how users are likely to respond to such a mechanism and use that theory to characterize when such a mechanism should be used. Finally, I bring all of these findings together to suggest some preliminary design features for a socio-technical security system to help home computer users. While there are many unanswered questions, these design features can serve as a starting point for future work in the area.Ph.D.InformationUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/64653/1/rwash_1.pd

Modern Socio-Technical Perspectives on Privacy

This open access book provides researchers and professionals with a foundational understanding of online privacy as well as insight into the socio-technical privacy issues that are most pertinent to modern information systems, covering several modern topics (e.g., privacy in social media, IoT) and underexplored areas (e.g., privacy accessibility, privacy for vulnerable populations, cross-cultural privacy). The book is structured in four parts, which follow after an introduction to privacy on both a technical and social level: Privacy Theory and Methods covers a range of theoretical lenses through which one can view the concept of privacy. The chapters in this part relate to modern privacy phenomena, thus emphasizing its relevance to our digital, networked lives. Next, Domains covers a number of areas in which privacy concerns and implications are particularly salient, including among others social media, healthcare, smart cities, wearable IT, and trackers. The Audiences section then highlights audiences that have traditionally been ignored when creating privacy-preserving experiences: people from other (non-Western) cultures, people with accessibility needs, adolescents, and people who are underrepresented in terms of their race, class, gender or sexual identity, religion or some combination. Finally, the chapters in Moving Forward outline approaches to privacy that move beyond one-size-fits-all solutions, explore ethical considerations, and describe the regulatory landscape that governs privacy through laws and policies. Perhaps even more so than the other chapters in this book, these chapters are forward-looking by using current personalized, ethical and legal approaches as a starting point for re-conceptualizations of privacy to serve the modern technological landscape. The book’s primary goal is to inform IT students, researchers, and professionals about both the fundamentals of online privacy and the issues that are most pertinent to modern information systems. Lecturers or teacherscan assign (parts of) the book for a “professional issues” course. IT professionals may select chapters covering domains and audiences relevant to their field of work, as well as the Moving Forward chapters that cover ethical and legal aspects. Academicswho are interested in studying privacy or privacy-related topics will find a broad introduction in both technical and social aspects

Modern Socio-Technical Perspectives on Privacy

This open access book provides researchers and professionals with a foundational understanding of online privacy as well as insight into the socio-technical privacy issues that are most pertinent to modern information systems, covering several modern topics (e.g., privacy in social media, IoT) and underexplored areas (e.g., privacy accessibility, privacy for vulnerable populations, cross-cultural privacy). The book is structured in four parts, which follow after an introduction to privacy on both a technical and social level: Privacy Theory and Methods covers a range of theoretical lenses through which one can view the concept of privacy. The chapters in this part relate to modern privacy phenomena, thus emphasizing its relevance to our digital, networked lives. Next, Domains covers a number of areas in which privacy concerns and implications are particularly salient, including among others social media, healthcare, smart cities, wearable IT, and trackers. The Audiences section then highlights audiences that have traditionally been ignored when creating privacy-preserving experiences: people from other (non-Western) cultures, people with accessibility needs, adolescents, and people who are underrepresented in terms of their race, class, gender or sexual identity, religion or some combination. Finally, the chapters in Moving Forward outline approaches to privacy that move beyond one-size-fits-all solutions, explore ethical considerations, and describe the regulatory landscape that governs privacy through laws and policies. Perhaps even more so than the other chapters in this book, these chapters are forward-looking by using current personalized, ethical and legal approaches as a starting point for re-conceptualizations of privacy to serve the modern technological landscape. The book’s primary goal is to inform IT students, researchers, and professionals about both the fundamentals of online privacy and the issues that are most pertinent to modern information systems. Lecturers or teacherscan assign (parts of) the book for a “professional issues” course. IT professionals may select chapters covering domains and audiences relevant to their field of work, as well as the Moving Forward chapters that cover ethical and legal aspects. Academicswho are interested in studying privacy or privacy-related topics will find a broad introduction in both technical and social aspects

Матеріали 1-го симпозіуму з передових освітніх технологій - Том 1: AET

Матеріали 1-го симпозіуму з передових освітніх технологій.Proceedings of the 1st Symposium on Advances in Educational Technology

Human Practice. Digital Ecologies. Our Future. : 14. Internationale Tagung Wirtschaftsinformatik (WI 2019) : Tagungsband

Erschienen bei: universi - Universitätsverlag Siegen. - ISBN: 978-3-96182-063-4Aus dem Inhalt: Track 1: Produktion & Cyber-Physische Systeme Requirements and a Meta Model for Exchanging Additive Manufacturing Capacities Service Systems, Smart Service Systems and Cyber- Physical Systems—What’s the difference? Towards a Unified Terminology Developing an Industrial IoT Platform – Trade-off between Horizontal and Vertical Approaches Machine Learning und Complex Event Processing: Effiziente Echtzeitauswertung am Beispiel Smart Factory Sensor retrofit for a coffee machine as condition monitoring and predictive maintenance use case Stakeholder-Analyse zum Einsatz IIoT-basierter Frischeinformationen in der Lebensmittelindustrie Towards a Framework for Predictive Maintenance Strategies in Mechanical Engineering - A Method-Oriented Literature Analysis Development of a matching platform for the requirement-oriented selection of cyber physical systems for SMEs Track 2: Logistic Analytics An Empirical Study of Customers’ Behavioral Intention to Use Ridepooling Services – An Extension of the Technology Acceptance Model Modeling Delay Propagation and Transmission in Railway Networks What is the impact of company specific adjustments on the acceptance and diffusion of logistic standards? Robust Route Planning in Intermodal Urban Traffic Track 3: Unternehmensmodellierung & Informationssystemgestaltung (Enterprise Modelling & Information Systems Design) Work System Modeling Method with Different Levels of Specificity and Rigor for Different Stakeholder Purposes Resolving Inconsistencies in Declarative Process Models based on Culpability Measurement Strategic Analysis in the Realm of Enterprise Modeling – On the Example of Blockchain-Based Initiatives for the Electricity Sector Zwischenbetriebliche Integration in der Möbelbranche: Konfigurationen und Einflussfaktoren Novices’ Quality Perceptions and the Acceptance of Process Modeling Grammars Entwicklung einer Definition für Social Business Objects (SBO) zur Modellierung von Unternehmensinformationen Designing a Reference Model for Digital Product Configurators Terminology for Evolving Design Artifacts Business Role-Object Specification: A Language for Behavior-aware Structural Modeling of Business Objects Generating Smart Glasses-based Information Systems with BPMN4SGA: A BPMN Extension for Smart Glasses Applications Using Blockchain in Peer-to-Peer Carsharing to Build Trust in the Sharing Economy Testing in Big Data: An Architecture Pattern for a Development Environment for Innovative, Integrated and Robust Applications Track 4: Lern- und Wissensmanagement (e-Learning and Knowledge Management) eGovernment Competences revisited – A Literature Review on necessary Competences in a Digitalized Public Sector Say Hello to Your New Automated Tutor – A Structured Literature Review on Pedagogical Conversational Agents Teaching the Digital Transformation of Business Processes: Design of a Simulation Game for Information Systems Education Conceptualizing Immersion for Individual Learning in Virtual Reality Designing a Flipped Classroom Course – a Process Model The Influence of Risk-Taking on Knowledge Exchange and Combination Gamified Feedback durch Avatare im Mobile Learning Alexa, Can You Help Me Solve That Problem? - Understanding the Value of Smart Personal Assistants as Tutors for Complex Problem Tasks Track 5: Data Science & Business Analytics Matching with Bundle Preferences: Tradeoff between Fairness and Truthfulness Applied image recognition: guidelines for using deep learning models in practice Yield Prognosis for the Agrarian Management of Vineyards using Deep Learning for Object Counting Reading Between the Lines of Qualitative Data – How to Detect Hidden Structure Based on Codes Online Auctions with Dual-Threshold Algorithms: An Experimental Study and Practical Evaluation Design Features of Non-Financial Reward Programs for Online Reviews: Evaluation based on Google Maps Data Topic Embeddings – A New Approach to Classify Very Short Documents Based on Predefined Topics Leveraging Unstructured Image Data for Product Quality Improvement Decision Support for Real Estate Investors: Improving Real Estate Valuation with 3D City Models and Points of Interest Knowledge Discovery from CVs: A Topic Modeling Procedure Online Product Descriptions – Boost for your Sales? Entscheidungsunterstützung durch historienbasierte Dienstreihenfolgeplanung mit Pattern A Semi-Automated Approach for Generating Online Review Templates Machine Learning goes Measure Management: Leveraging Anomaly Detection and Parts Search to Improve Product-Cost Optimization Bedeutung von Predictive Analytics für den theoretischen Erkenntnisgewinn in der IS-Forschung Track 6: Digitale Transformation und Dienstleistungen Heuristic Theorizing in Software Development: Deriving Design Principles for Smart Glasses-based Systems Mirroring E-service for Brick and Mortar Retail: An Assessment and Survey Taxonomy of Digital Platforms: A Platform Architecture Perspective Value of Star Players in the Digital Age Local Shopping Platforms – Harnessing Locational Advantages for the Digital Transformation of Local Retail Outlets: A Content Analysis A Socio-Technical Approach to Manage Analytics-as-a-Service – Results of an Action Design Research Project Characterizing Approaches to Digital Transformation: Development of a Taxonomy of Digital Units Expectations vs. Reality – Benefits of Smart Services in the Field of Tension between Industry and Science Innovation Networks and Digital Innovation: How Organizations Use Innovation Networks in a Digitized Environment Characterising Social Reading Platforms— A Taxonomy-Based Approach to Structure the Field Less Complex than Expected – What Really Drives IT Consulting Value Modularity Canvas – A Framework for Visualizing Potentials of Service Modularity Towards a Conceptualization of Capabilities for Innovating Business Models in the Industrial Internet of Things A Taxonomy of Barriers to Digital Transformation Ambidexterity in Service Innovation Research: A Systematic Literature Review Design and success factors of an online solution for cross-pillar pension information Track 7: IT-Management und -Strategie A Frugal Support Structure for New Software Implementations in SMEs How to Structure a Company-wide Adoption of Big Data Analytics The Changing Roles of Innovation Actors and Organizational Antecedents in the Digital Age Bewertung des Kundennutzens von Chatbots für den Einsatz im Servicedesk Understanding the Benefits of Agile Software Development in Regulated Environments Are Employees Following the Rules? On the Effectiveness of IT Consumerization Policies Agile and Attached: The Impact of Agile Practices on Agile Team Members’ Affective Organisational Commitment The Complexity Trap – Limits of IT Flexibility for Supporting Organizational Agility in Decentralized Organizations Platform Openness: A Systematic Literature Review and Avenues for Future Research Competence, Fashion and the Case of Blockchain The Digital Platform Otto.de: A Case Study of Growth, Complexity, and Generativity Track 8: eHealth & alternde Gesellschaft Security and Privacy of Personal Health Records in Cloud Computing Environments – An Experimental Exploration of the Impact of Storage Solutions and Data Breaches Patientenintegration durch Pfadsysteme Digitalisierung in der Stressprävention – eine qualitative Interviewstudie zu Nutzenpotenzialen User Dynamics in Mental Health Forums – A Sentiment Analysis Perspective Intent and the Use of Wearables in the Workplace – A Model Development Understanding Patient Pathways in the Context of Integrated Health Care Services - Implications from a Scoping Review Understanding the Habitual Use of Wearable Activity Trackers On the Fit in Fitness Apps: Studying the Interaction of Motivational Affordances and Users’ Goal Orientations in Affecting the Benefits Gained Gamification in Health Behavior Change Support Systems - A Synthesis of Unintended Side Effects Investigating the Influence of Information Incongruity on Trust-Relations within Trilateral Healthcare Settings Track 9: Krisen- und Kontinuitätsmanagement Potentiale von IKT beim Ausfall kritischer Infrastrukturen: Erwartungen, Informationsgewinnung und Mediennutzung der Zivilbevölkerung in Deutschland Fake News Perception in Germany: A Representative Study of People’s Attitudes and Approaches to Counteract Disinformation Analyzing the Potential of Graphical Building Information for Fire Emergency Responses: Findings from a Controlled Experiment Track 10: Human-Computer Interaction Towards a Taxonomy of Platforms for Conversational Agent Design Measuring Service Encounter Satisfaction with Customer Service Chatbots using Sentiment Analysis Self-Tracking and Gamification: Analyzing the Interplay of Motivations, Usage and Motivation Fulfillment Erfolgsfaktoren von Augmented-Reality-Applikationen: Analyse von Nutzerrezensionen mit dem Review-Mining-Verfahren Designing Dynamic Decision Support for Electronic Requirements Negotiations Who is Stressed by Using ICTs? A Qualitative Comparison Analysis with the Big Five Personality Traits to Understand Technostress Walking the Middle Path: How Medium Trade-Off Exposure Leads to Higher Consumer Satisfaction in Recommender Agents Theory-Based Affordances of Utilitarian, Hedonic and Dual-Purposed Technologies: A Literature Review Eliciting Customer Preferences for Shopping Companion Apps: A Service Quality Approach The Role of Early User Participation in Discovering Software – A Case Study from the Context of Smart Glasses The Fluidity of the Self-Concept as a Framework to Explain the Motivation to Play Video Games Heart over Heels? An Empirical Analysis of the Relationship between Emotions and Review Helpfulness for Experience and Credence Goods Track 11: Information Security and Information Privacy Unfolding Concerns about Augmented Reality Technologies: A Qualitative Analysis of User Perceptions To (Psychologically) Own Data is to Protect Data: How Psychological Ownership Determines Protective Behavior in a Work and Private Context Understanding Data Protection Regulations from a Data Management Perspective: A Capability-Based Approach to EU-GDPR On the Difficulties of Incentivizing Online Privacy through Transparency: A Qualitative Survey of the German Health Insurance Market What is Your Selfie Worth? A Field Study on Individuals’ Valuation of Personal Data Justification of Mass Surveillance: A Quantitative Study An Exploratory Study of Risk Perception for Data Disclosure to a Network of Firms Track 12: Umweltinformatik und nachhaltiges Wirtschaften Kommunikationsfäden im Nadelöhr – Fachliche Prozessmodellierung der Nachhaltigkeitskommunikation am Kapitalmarkt Potentiale und Herausforderungen der Materialflusskostenrechnung Computing Incentives for User-Based Relocation in Carsharing Sustainability’s Coming Home: Preliminary Design Principles for the Sustainable Smart District Substitution of hazardous chemical substances using Deep Learning and t-SNE A Hierarchy of DSMLs in Support of Product Life-Cycle Assessment A Survey of Smart Energy Services for Private Households Door-to-Door Mobility Integrators as Keystone Organizations of Smart Ecosystems: Resources and Value Co-Creation – A Literature Review Ein Entscheidungsunterstützungssystem zur ökonomischen Bewertung von Mieterstrom auf Basis der Clusteranalyse Discovering Blockchain for Sustainable Product-Service Systems to enhance the Circular Economy Digitale Rückverfolgbarkeit von Lebensmitteln: Eine verbraucherinformatische Studie Umweltbewusstsein durch audiovisuelles Content Marketing? Eine experimentelle Untersuchung zur Konsumentenbewertung nachhaltiger Smartphones Towards Predictive Energy Management in Information Systems: A Research Proposal A Web Browser-Based Application for Processing and Analyzing Material Flow Models using the MFCA Methodology Track 13: Digital Work - Social, mobile, smart On Conversational Agents in Information Systems Research: Analyzing the Past to Guide Future Work The Potential of Augmented Reality for Improving Occupational First Aid Prevent a Vicious Circle! The Role of Organizational IT-Capability in Attracting IT-affine Applicants Good, Bad, or Both? Conceptualization and Measurement of Ambivalent User Attitudes Towards AI A Case Study on Cross-Hierarchical Communication in Digital Work Environments ‘Show Me Your People Skills’ - Employing CEO Branding for Corporate Reputation Management in Social Media A Multiorganisational Study of the Drivers and Barriers of Enterprise Collaboration Systems-Enabled Change The More the Merrier? The Effect of Size of Core Team Subgroups on Success of Open Source Projects The Impact of Anthropomorphic and Functional Chatbot Design Features in Enterprise Collaboration Systems on User Acceptance Digital Feedback for Digital Work? Affordances and Constraints of a Feedback App at InsurCorp The Effect of Marker-less Augmented Reality on Task and Learning Performance Antecedents for Cyberloafing – A Literature Review Internal Crowd Work as a Source of Empowerment - An Empirical Analysis of the Perception of Employees in a Crowdtesting Project Track 14: Geschäftsmodelle und digitales Unternehmertum Dividing the ICO Jungle: Extracting and Evaluating Design Archetypes Capturing Value from Data: Exploring Factors Influencing Revenue Model Design for Data-Driven Services Understanding the Role of Data for Innovating Business Models: A System Dynamics Perspective Business Model Innovation and Stakeholder: Exploring Mechanisms and Outcomes of Value Creation and Destruction Business Models for Internet of Things Platforms: Empirical Development of a Taxonomy and Archetypes Revitalizing established Industrial Companies: State of the Art and Success Principles of Digital Corporate Incubators When 1+1 is Greater than 2: Concurrence of Additional Digital and Established Business Models within Companies Special Track 1: Student Track Investigating Personalized Price Discrimination of Textile-, Electronics- and General Stores in German Online Retail From Facets to a Universal Definition – An Analysis of IoT Usage in Retail Is the Technostress Creators Inventory Still an Up-To-Date Measurement Instrument? Results of a Large-Scale Interview Study Application of Media Synchronicity Theory to Creative Tasks in Virtual Teams Using the Example of Design Thinking TrustyTweet: An Indicator-based Browser-Plugin to Assist Users in Dealing with Fake News on Twitter Application of Process Mining Techniques to Support Maintenance-Related Objectives How Voice Can Change Customer Satisfaction: A Comparative Analysis between E-Commerce and Voice Commerce Business Process Compliance and Blockchain: How Does the Ethereum Blockchain Address Challenges of Business Process Compliance? Improving Business Model Configuration through a Question-based Approach The Influence of Situational Factors and Gamification on Intrinsic Motivation and Learning Evaluation von ITSM-Tools für Integration und Management von Cloud-Diensten am Beispiel von ServiceNow How Software Promotes the Integration of Sustainability in Business Process Management Criteria Catalog for Industrial IoT Platforms from the Perspective of the Machine Tool Industry Special Track 3: Demos & Prototyping Privacy-friendly User Location Tracking with Smart Devices: The BeaT Prototype Application-oriented robotics in nursing homes Augmented Reality for Set-up Processe Mixed Reality for supporting Remote-Meetings Gamification zur Motivationssteigerung von Werkern bei der Betriebsdatenerfassung Automatically Extracting and Analyzing Customer Needs from Twitter: A “Needmining” Prototype GaNEsHA: Opportunities for Sustainable Transportation in Smart Cities TUCANA: A platform for using local processing power of edge devices for building data-driven services Demonstrator zur Beschreibung und Visualisierung einer kritischen Infrastruktur Entwicklung einer alltagsnahen persuasiven App zur Bewegungsmotivation für ältere Nutzerinnen und Nutzer A browser-based modeling tool for studying the learning of conceptual modeling based on a multi-modal data collection approach Exergames & Dementia: An interactive System for People with Dementia and their Care-Network Workshops Workshop Ethics and Morality in Business Informatics (Workshop Ethik und Moral in der Wirtschaftsinformatik – EMoWI’19) Model-Based Compliance in Information Systems - Foundations, Case Description and Data Set of the MobIS-Challenge for Students and Doctoral Candidates Report of the Workshop on Concepts and Methods of Identifying Digital Potentials in Information Management Control of Systemic Risks in Global Networks - A Grand Challenge to Information Systems Research Die Mitarbeiter von morgen - Kompetenzen künftiger Mitarbeiter im Bereich Business Analytics Digitaler Konsum: Herausforderungen und Chancen der Verbraucherinformati