Logo des Repositoriums

Auflistung nach Schlagwort "IT-security"

1 - 6 von 6
  • Zeitschriftenartikel
    Cloud-Architekturen für Datenanalysen in Wirtschaftsprüfungsgesellschaften
    (HMD Praxis der Wirtschaftsinformatik: Vol. 53, No. 5, 2016) Adelmeyer, Michael; Teuteberg, Frank
    Durch die zunehmende Digitalisierung von Prozessen steigt die Datenmenge in Unternehmen weiter an. Dies erfordert den Einsatz neuer Methoden und IT-Architekturen in der Wirtschaftsprüfung, um diese Datenmengen bewältigen zu können. Im Vergleich zu klassischen IT-Architekturen können durch den Einsatz von Cloud-Architekturen für rechen- und speicherintensive Datenanalysen Effizienzpotentiale realisiert und neue Prüfungsansätze ermöglicht werden. Eine Cloud-Architektur bietet jedoch nicht uneingeschränkt Vorteile, vielmehr müssen spezifische Risiken und Anforderungen bedacht werden, zum Beispiel in Bezug auf den Schutz und die Sicherheit von teils sensiblen Mandantendaten und deren rechtskonforme Speicherung und Verarbeitung. Der vorliegende Beitrag basiert auf einer Erhebung in einer führenden Wirtschaftsprüfungsgesellschaft, die im Vorfeld zur Einführung einer Cloud-Architektur durchgeführt wurde. Es werden Herausforderungen und Potentiale einer solchen Lösung aufgezeigt sowie eine potentielle Umsetzung und Integration für den Anwendungsfall von Datenanalysen in der Wirtschaftsprüfung vorgestellt.AbstractThe ever-growing digitalization of processes increases the data amount generated in companies. This requires the application of new auditing techniques and IT architectures in order to handle the increasing data amount. Compared to traditional IT architectures, the use of cloud architectures for computer- and storage-intensive data analyses could leverage efficiency opportunities and allow for the realization of new auditing approaches. However, the use of cloud architectures does not only involve advantages, the specific risks and requirements that arise from the application of this technology must also be factored in, e. g., the protection, security and the legally compliant storage and processing of sensitive client data. This paper is based on a study that was conducted in a leading assurance company prior to the implementation of a cloud solution. The focus lies on the identification of challenges and potentials of such a cloud solution. Furthermore, a potential implementation as well as an integration of a cloud architecture for the individual application of data analyses in the field of auditing are introduced.
  • Konferenzbeitrag
    Exploring the Human Factor in IT-security: A mobile lab for Investigating User Behavior
    (Open Identity Summit 2023, 2023) Fähnrich, Nicolas; Köster, Kevin; Renkel, Patrick; Huber, Richard; Menz, Nadja
    The threat of cybersecurity incidents is increasingly challenging for companies and employee interaction plays a crucial role in the majority of cyberattacks. In this paper, we present a mobile, scalable IT-security lab to investigate the human factor in such incidents. The lab enables study participants to experience cyberattacks in an immersive workplace environment. In order to ensure that the target group of small and medium sized company (SME) employees is reached, we have designed the mobile lab in such a way that it can be easily operated in different locations and sizes.
  • Konferenzbeitrag
    A lightweight trust management infrastructure for self-sovereign identity
    (Open Identity Summit 2021, 2021) Kubach, Michael; Roßnagel, Heiko
    Decentralized approaches towards digital identity management, often summarized under the currently popular term Self-sovereign identity (SSI) are being associated with high hopes for a bright future of identity management (IdM). Numerous private, open source as well as publicly funded research initiatives pursue this approach with the aim to finally bring universally usable, trustworthy, interoperable, secure, and privacy friendly digital identities for everyone and all use cases. However, a major challenge that so far has been only rudimentary addressed, is the trust management in these decentralized identity ecosystems. This paper first elaborates this problem before presenting an approach for a trust management infrastructure in SSI ecosystems that is based on already completed work for trust management in digital transactions.
  • Konferenzbeitrag
    Online tool for matching company demands with IT-security offerings
    (Open Identity Summit 2022, 2022) Fähnrich, Nicolas; Roßnagel, Heiko
    Small and medium sized companies (SMEs) are often insufficiently protected against cyberattacks although there is a wide range of cybersecurity guidelines, products and services availableIn this paper, we present an online tool to support SMEs in improving their IT-security level by enabling them to identify critical business processes and to identify the most pressing protection needs by using a lightweight value chain-based approach. For using the online tool, no expert knowledge of the company’s IT-infrastructure or implemented IT-security measures is required, since no assessment of cybersecurity threats but of the impact of potential damage scenarios on business processes is carried out. Based on a generated set of recommendations, companies are provided with suitable IT-security measures and corresponding offerings in a prioritized order. These offerings include services and products to implement the given recommendations.
  • Konferenzbeitrag
    Self-sovereign and Decentralized identity as the future of identity management?
    (Open Identity Summit 2020, 2020) Kubach, Michael; Schunck, Christian H.; Sellung, Rachelle; Roßnagel, Heiko
    Blockchain-based Self-sovereign and Decentralized identity approaches are seen by many as the future of identity management. These solutions are supposed to finally bring universally usable, trustworthy, secure, and privacy friendly digital identities for everyone and all use cases. This paper first presents the promises of this technological app
  • Konferenzbeitrag
    A user-centric approach to IT-security risk analysis for an identity management solution
    (Open Identity Summit 2022, 2022) Fähnrich, Nicolas; Winterstetter, Matthias; Kubach, Michael
    In order to build identity management (IdM) solutions that are secure in the practical application context, a holistic approach their IT-security risk analysis is required. This complements the indispensable technical, and crypto-focused analysis of risks and vulnerabilities with an approach that puts another important vector for security in the center: the users and their usage of the technology over the whole lifecycle. In our short paper we focus exclusively on the user-centric approach and present an IT-security risk analysis that is structured around the IdM lifecycle.