16 research outputs found

    Cybersecurity Governance – An Adapted Practical Framework for Small Enterprises

    Digitalization is advancing and the associated risks are a strategic task for enterprises of all sizes. One risk area to which small businesses often do not pay enough attention is cyber risk. Often, the governance of cyber risks is not embedded at the owner or management level. However, it is important that a company's leaders or its owner evaluate, direct and monitor cyber risk mitigation activities. A 'cybersecurity governance framework' for small enterprises was developed and validated by applying Design Science Research. The framework focuses on criteria that are essential for small businesses, such as simplicity of understanding and ease of use (both for non-experts). Six principles identified as relevant form the common thread of the framework, which guides the main activities to be implemented: 'responsibility', 'strategy', 'cybersecurity threats and risks', 'development and change', 'conformance' and 'people, skills and competencies'.

    Building Digital Trust to Protect Whistleblowers - A blockchain-based Reporting Channel

    Organizations today need internal reporting channels to report illegal/unethical misconduct. For this purpose, organizations set up one or more (often digital) internal reporting channels. Persons/employees who want to report misconduct, so-called whistleblowers, expose themselves to reprisals and therefore need trustworthy reporting channels which ensure 'Digital Trust'. Blockchain, a technology that overcomes the need for trust due to its properties of immutability and integrity of data, could be promising as the underlying technology for a digital reporting channel which is recognized as trustworthy. In our research, we explored multiple perspectives relevant to a trustworthy digital reporting system. Applying design science research, we evaluated the current state of the art of (digital) reporting channels and developed a prototypical blockchain-based reporting solution called "Integrity@Inside". The prototype is being iteratively demonstrated and pre-evaluated.

    An Adaptable Approach for Successful SIEM Adoption in Companies

    In corporations around the world, the topic of cybersecurity and information security is becoming increasingly important as the number of cyberattacks on them continues to grow. Nowadays, it is no longer just a matter of protecting against cyberattacks, but rather of detecting such attacks at an early stage and responding accordingly. There is currently no generic methodological approach for the implementation of Security Information and Event Management (SIEM) systems that takes academic aspects into account and can be applied independently of the product or developers of the systems. Applying Hevner's design science research approach, the goal of this paper is to develop a holistic procedure model for implementing respective SIEM systems in corporations. According to the study during the validation phase, the procedure model was verified to be applicable. For future research, the procedure model should be applied in various implementation projects in different enterprises to analyze its applicability and completeness. Comment: Submitted to the AC2023 Conferenc

    Touching Space: Distributed Ledger Technology for Tracking and Tracing Certificates

    Components built into space vehicles and equipment (space products) must meet different regulatory requirements; in detail, each component must be certified and sustainably traceable at all times. Space engineers have expressed the need for an interoperable system to collect, manage and route certifications for components, parts and materials that go into space products. The lack of a unified approach in the European space industry is a challenge for companies involved in product development. This research proposes an open-source, secure, fast and distributed ledger technology (DLT) based solution that fits into any IT environment and is well adapted to the needs of manufacturing companies in the space sector. The results show that a blockchain-based solution based on 'Hyperledger Fabric' combined with the InterPlanetary File System is viable. The results can guide other researchers and practitioners to consider DLTs when changing their certification management paradigm with suppliers, customers and auditors