Economic Assessment and Analysis of Compliance in Business Processes: A Systematic Literature Review and Research Agenda

Businesses today are faced with the challenge of adapting processes to an increasing amount of compliance regulations. These expensive adjustments result in compliance management becoming an enormous cost driver. It seems all the more surprising that there is still a large research gap in terms of quantitative measures for assessing the efficiency of compliance in business processes. This challenge primarily motivates the topic of this paper, as an economic assessment of business process compliance (BPC) becomes increasingly relevant. Based on a systematic and rigorous literature review, this paper provides an overview of current research and thereupon investigates concepts to economic assessment of BPC with a focus on quantitative measures. The analysis shows that not all contributions dealt to the same extent with the economic assessment of BPC and that the resulting concepts cannot be strictly separated from one another

Categories of Approaches for IT Security Investment Decisions: A systematic literature review

The repurposing of problem-solving artifacts is an efficient way to innovate. Originating in evolutional theory, exaptation – the repurposing of an existing trait – gained recently attention in IS research due to the generative and malleable characteristics of digital technologies. Notwithstanding, research on this theoretical construct in IS research is scarce, while the innovation and economics literature already adapted the theory to, e.g., explain and predict disruptive market behaviors. With a scoping literature review, this paper pursues to draw a comprehensive picture of the current state of research of exaptation in IS research. Through an analysis of 46 publications, we could structure the field, derive three valuable contributions for the general exaptation theory and outline a future research agenda provide orientation and inspiration for further exaptation research in the digital and organizational context

A Process-Based Approach to Information Security Investment Evaluation: Design, Implementation, and Evaluation

In recent years, the importance of information security has grown significantly due to the rise of cyber threats and attacks. However, evaluating investments in information security can be challenging, as traditional methods often rely solely on monetary factors and fail to capture the dynamic nature of business processes. This paper introduces a novel process-based evaluation method for assessing the effect of investments in information security on business processes. The paper outlines practical design requirements for the method and its instantiation as a prototype, which is then evaluated using a three-step approach with two companies from the healthcare and energy sectors. The evaluation results demonstrate the proposed method\u27s usefulness in information security investment decisions. This paper contributes to the field of information security investment evaluation by providing a proof-of-concept that potentially paves the way for future research to increase the quality and economics of investments in information security