At eSmart 2003, Kekicheff and Brewer [1] reported on the development of the GlobalPlatform Card Security Requirements Specification (CSRS) [2]. They pointed out not only that the CSRS presents a semi-formal security specification for the entire card platform, but also that it proposes a method for selecting the most appropriate card configuration based on risk analysis. Particular attention was...

This paper addresses the concept of model uncertainty within the context of risk analysis. Though model uncertainty is a topic widely discussed in the risk analysis literature, no consensus seems to exist on its meaning, how it should be measured, or its impact on the application of analysis results in decision processes. The purpose of this paper is to contribute to clarification. The first pa...

While security professionals have long talked about risk, moving an organization from a “security” mindset to one that thoughtfully considers information risk is a challenge. Managing information risk means building risk analysis into every business decision. In this panel, we will discuss how CISOs are working to move the conversation from security towards information risk. In particular, we w...

In order to explain how DIYbio knowledge and expertise is developed and shared the use of Practice Theory will help us gain a useful understanding of how working practices are sustained, reproduced and potentially changed. In addition, the development and sharing of thick, evocative, rich descriptions of these practices might contribute to the motivational knowledge of DIYbio practitioners.

Employees and/or functional managers increasingly adopt and use IT systems and services that the IS management of the organization does neither provide nor approve. To effectively counteract such shadow IT in organizations, the understanding of employees’ motivations and drivers is necessary. However, the scant literature on this topic primarily focused on various governance approaches at firm ...

While cloud computing is becoming a mainstream IT sourcing option, especially large companies struggle with the internal governance of cloud and the issue of shadow IT. This study takes a technological frames perspective to contrast the knowledge and expectations that business versus IT stakeholders have regarding cloud IT. Our interview data from 20 business and IT managers display the incongr...

This paper deals with simulation modeling of the vessel traffic in Delaware River. The purpose is to study the impact of deepening on the navigational efficiency in the River. In this regard, vessel calls to terminals, lightering and barge operations, tidal and navigational rules in the River, terminal and anchorage properties as well as vessel profiles are considered in the model. The simulati...

The economic relevance of IT risks is increasing due to various operational, technical as well as regulatory reasons. Increasing flexibility of business processes and increasing dependability on IT require continuous risk assessment, challenging current methods for risk management. Extending IT risk management by a business process-oriented view is a promising approach for taking the occurring ...