Stephan Kühnel

Martin Luther University Halle-Wittenberg | MLU · Department of Management Information Systems and Operations Research

The term compliance essentially refers to ensuring that business processes, operations and practices conform to an agreed set of rules. Such rules can influence both business processes and components of an information technology (IT) architecture, resulting in relationships between (1) compliance requirements, (2) process elements and (3) IT compon...

RPA is a new approach to automating processes that has gained momentum in recent years. Research and vendors highlight potential benefits of RPA, such as increased efficiency, quality, cost reduction, and higher customer and employee satisfaction. However, as interest in RPA grows, so does the need to demonstrate its benefits, which in turn require...

Information technology (IT) departments are increasingly challenged to replace legacy applications with novel public cloud software as a service (SaaS) to innovate the organization's business processes. The resulting hybrid cloud is formed by integrating the added SaaS with existing IT services. The decision to adopt SaaS in such a hybrid cloud ser...

A well-known approach to managing and controlling workflows in organizations is the workflow management system (WFMS). Recently, approaches utilizing augmented reality headsets as WFMS front ends have been discussed, enabling higher efficiency, effectiveness, and usability for certain application scenarios. However, existing design-oriented approac...

Deterrence theory is one of the most commonly used theories to study information security policy non-compliance behavior. However, the results of studies in the information security field are ambiguous. To further address this heterogeneity, various influencing factors have been considered in the context of deterrence theory. However, a current cha...

Proceedings of the 3rd International Workshop on Current Information Security and Compliance Issues in Information Systems Research (CIISR 2023), Co-located with the 18th International Conference on Wirtschaftsinformatik (WI 2023), Paderborn, Germany, September 18, 2023. CEUR Workshop Proceedings 3512, CEUR-WS.org 2023.

The management and organization of volunteering in the social sector have been strongly influenced by technological progress over the last two decades. New proposals for IT-based volunteering management platforms that draw on many elements of social media are appearing with increasing frequency. In this article, we analyzed the current state of the...

Complying with data protection regulations is an essential duty for organizations since violating them would lead to monetary penalties from authorities. In Europe, the General Data Protection Regulation (GDPR) defines personal data and requirements for dealing with this type of data. Hence, organizations must identify business activities that deal...

Cyber-attacks can cause severe economic damages to businesses today. Therefore, every company needs to protect its IT systems from such attacks by implementing effective IT security measures. When it comes to deciding on an IT security measure, there is a variety of decision approaches that can offer support on choosing an economically reasonable o...

In recent years, the importance of information security has grown significantly due to the rise of cyber threats and attacks. However, evaluating investments in information security can be challenging, as traditional methods often rely solely on monetary factors and fail to capture the dynamic nature of business processes. This paper introduces a n...

The rise in distraction-related traffic accidents necessitates in-car infotainment systems that prioritize safety, as current systems often prioritize entertainment and convenience, contributing to the high number of distracted driving fatalities. Therefore, this paper applied a design science research approach to develop a design theory for Augmen...

Under the minitrack "ICTs for Sustainable and Intelligent Mobility Solutions" (as part of the Main Track “Green IS and Sustainability"), we call for rigorous research that enhances our understanding of the role of information and communication technologies (ICTs) in promoting sustainable and intelligent mobility solutions. ICTs in this context can,...

The development of the DASC-PM (Data Science Process Model) is based on the knowledge of a large working group consisting of experts in Data Science. We believe that the procedure de-scribed in the DASC-PM can be used beneficially in data-driven projects and offers support in structuring complex projects. In version 1.1 of the DASC-PM, which was pu...

Die Entwicklung des DASC-PM (Data Science Process Model) basiert auf dem Wissen einer gro-ßen Arbeitsgruppe, die sich aus Expertinnen und Experten der Data Science zusammensetzt. Wir sind der Meinung, dass die im DASC-PM beschriebene Vorgehensweise in datengetriebenen Pro-jekten nutzbringend eingesetzt werden kann und eine Unterstützung bei der Str...

Disaster managers are in charge of encountering natural disasters, yet, more often supported by citizens, so-called spontaneous volunteers. Their help has repeatedly been reported to be valuable for reducing disaster scales, regarding an increase in natural disasters occurrences with devastating effects. However, their characteristic to emerge in l...

Augmented reality (AR) is currently discussed as an approach to promote the personal health of elderly and cognitively impaired people, with spatial AR being a promising, wearable-less solution to enable an augmented living space (ALiS) that immersively provides and communicates individual, needs-oriented functionalities in the areas of perception,...

Social learning theory has attracted increasing attention in recent years in terms of its use to study information security policy non-compliance behavior. But previous results of studies in the field of information security have been rather heterogeneous. Various influencing factors have been considered within the framework of social learning theo...

This article presents the Data Science Process Model version 1.1 (DASC-PM v1.1) and a case study to illustrate how the comprehensively designed project phases, tasks, and resulting elements of a data science project interact and how they can be selected, adapted, and implemented for individual purposes. This allows organizations that differ, for ex...

Zusammenfassung Data-Science-Projekte sind typischerweise interdisziplinär, adressieren vielfältige Problemstellungen aus unterschiedlichen Domänen und sind häufig durch heterogene Projektmerkmale geprägt. Bestrebungen in Richtung einer einheitlichen Charakterisierung von Data-Science-Projekten sind insbesondere dann relevant, wenn über deren Durch...

In this paper, we present the four-stage concept, implementation, application, and 2-stage evaluation of the tool EconBPC. EconBPC is a software artifact that emerged from a design science research initiative on the use of extensible event streams (XES). It was created to take a first step towards an automated activity-based monetary assessment of...

This document contains a user manual and a download link for EconBPC. EconBPC is a software artifact that emerged from a design science research initiative on the use of extensible event streams (XES). It was created to take a first step towards an automated activity-based monetary assessment of security and compliance measures in business processe...

The everyday life of elderly and cognitively impaired people can be significantly supported through information technology solutions, with spatial augmented reality being a promising one of them. With our solution approach, we are developing an Augmented Living Space (ALiS), whereby content is projected and communicated within the living space. Thu...

In February 2020, the first version of a comprehensive process model for data science projects appeared: the Data Science Process Model (DASC-PM). The positive feedback we have received indicates we were able to contribute to the discussion of data science activities that we were hoping for. Over the last two years, the DASC-PM has found its way in...

A currently discussed approach to increase efficiency during task execution, inter alia to reduce error rates and execution times, is the utilization of headset-based augmented reality systems (HARS). Additional to direct task support, HARSes can offer workflow management and control functions. However, these are only covered very limitedly by exis...

Information security attacks typically exploit the weakest link in the chain, which in most cases is the IT end user at the workplace. While great strides have been made in understanding and explaining information security behavior, little is known about how such behavior is acquired by individuals in the first place. This research approaches the p...

Im Februar 2020 erschien mit dem Data Science Process Modell (DASC-PM) die erste Version eines umfassenden Vorgehensmodells für Data-Science-Projekte. Die vielen positiven Rückmeldungen, die wir erhalten haben, zeigen uns, dass wir den erhofften Beitrag zur Diskussion rund um Data-Science-Aktivitäten leisten konnten. Das DASC-PM hat in den letzten...

The execution of workflows in many application fields is increasingly linked to the processing of context information. This makes it possible to provide users with the right information at the right time in order to optimally support workflow execution. A current approach to realize context-sensitive support are augmented reality systems. These pro...

Businesses today are faced with the challenge of adapting processes to an increasing amount of compliance regulations. These expensive adjustments result in compliance management becoming an enormous cost driver. It seems all the more surprising that there is still a large research gap in terms of quantitative measures for assessing the efficiency...

Business process discovery approaches analyze event logs to create process models describing the current state of the underlying processes. Because this type of process mining is especially relevant for low-structured processes, there are approaches designed to deal with such processes by simplifying the resulting model. Such simplifications are pr...

Der Beitrag stellt anhand des Data Science Process Model (DASC-PM) und mittels einer Fallstudie dar, wie die umfassend gestalteten Projektphasen, Aufgaben und Ergebniselemente eines Data-Science-Projekts ineinandergreifen und für den individuellen Einsatzzweck ausgewählt, angepasst und umgesetzt werden können. Dies erlaubt Organisationen, ihre indi...

Proceedings of the First International Workshop on Current Compliance Issues in Information Systems Research (CIISR 2021), Co-located with the 16th International Conference on Wirtschaftsinformatik (WI 2021), Online (initially located in Duisburg-Essen, Germany), March 9th, 2021. Originally published online by CEUR Workshop Proceedings (CEUR-WS.org...

Als Ergebnis einer virtuellen Arbeitsgruppe aus Wissenschaftler:innen und Praktiker:innen entstand zwischen April 2019 und Februar 2020 das Data-Science-Vorgehensmodell DASC-PM, dessen Ziel es ist, vorhandenes Wissen über die Durchführung von Data-Science-Projekten für alle Interessensgruppen in geeigneter Form zu strukturieren. Unter Berücksichtig...

The scale of many recent disasters would have been far more dramatic without the help of spontaneous volunteers. Practice and academia expressed the need for knowledge about factors influencing the behavior of spontaneous volunteers, especially for coordination and simulation purposes, and for decision support systems. While the impact of external...

Digitalization increases the complexity of work processes and generates large amounts of data. In this context, efficient processing is needed, providing the right information at the right time and place to the right employees (context sensitivity). Automated presentation of such "right" information can be achieved by technologies that use augmente...

Mit der rasanten Durchdringung von Cloud Services im Markt entscheiden sich immer mehr Organisationen (z. B. Unternehmen), Cloud Services zu konsumieren anstatt Applikationen selbst zu betreiben und damit die Digitalisierung ihrer Geschäftsprozesse weiter voran zu treiben. Nach Gartner steigen die Public Cloud Märkte und nach Synergy Research Group...

Cloud computing provides IT infrastructures and services via networks, and it enables economic potentials for end users as well as a focus on core competencies. In addition to its extensive potentials, cloud computing in general, and hybrid cloud computing in particular, pose new challenges in the negotiation and formulation of Service Level Agreem...

Data-driven disciplines like data mining and knowledge management already provide process-based frameworks for data analysis projects, such as the well-known cross-industry standard process for data mining (CRISP-DM) or knowledge discovery in databases (KDD). Although the domain of data science addresses a much broader problem space, i.e., also con...

In many industries, ensuring compliance in business processes has become a cost-intensive task due to intensive regulation. For companies to operate profitably despite current regulatory developments, approaches to the economic assessment and analysis of process-based compliance measures are needed. The dissertation entitled "Economic Assessment an...

In den meisten Berufsbranchen und Forschungsdisziplinen ist der Begriff Data Mining, der sich im engen Sinne mit der Analyse von Datenbeständen zur Mustererkennung befasst, seit mehreren Dekaden bekannt. Betrachtet man jedoch aktuelle Stellenausschreibungen und wissenschaftliche Artikel, die Daten und Datenanalysen adressieren, so stößt man unweige...

In conjunction with the 16th International Conference on Wirtschaftsinformatik (WI2021), the First International Workshop on Current Compliance Issues in Information Systems Research (CIISR) will be held in 2021. We cordially invite you to submit completed research papers/complete practical reports (max. 12 pages), research in progress papers/short...

Das Thema Data Science hat in den letzten Jahren in vielen Organisationen stark an Aufmerksamkeit gewonnen. Häufig herrscht jedoch weiterhin große Unklarheit darüber, wie diese Disziplin von anderen abzugrenzen ist, welche Besonderheiten der Ablauf eines Data-Science-Projekts besitzt und welche Kompetenzen vorhanden sein müssen, um ein solches Proj...

Bei Katastrophen (auch: „Disasters“) handelt es sich um zumeist verheerende Ereignisse, die negative Folgen nach sich ziehen. Wie verheerend diese Auswirkungen tatsächlich sind, zeigt eine von der United Nations Office for Disaster Risk Reduction (UNDRR) veröffentlichte Studie (vgl. Wallemacq/House). So gab es in den vergangenen 20 Jahren mehr als...

Business process compliance (BPC) refers to business processes that meet requirements originating from different sources, such as laws, directives, standards, etc. BPC has become a heavy cost driver that requires both technical and economic support. While there are numerous tools for the technical support of compliance with requirements, there is a...

The file contains the appendices A-G of the paper "Conceptualization, Design, and Implementation of EconBPC – A Software Artifact for the Economic Analysis of Business Process Compliance".

Compliance – ein Begriff, den vor 10 Jahren noch kaum jemand kannte, findet regelmäßiger denn je Anwendung in den Medien. Dank dem stetigen Erlass neuer Gesetze, Verordnungen oder Richtlinien und daraus folgender Konsequenzen, die gleichermaßen Unternehmen wie auch Privatpersonen betreffen, sind Compliance-relevante Themen auch aus aktuellen Nachri...

Abstract (English version): In many industries, compliance with regulatory requirements in business processes, or so-called business process compliance, has become a cost-intensive task due to continually intensified regulation. For companies to operate profitably despite such intensive regulation, approaches to the economic assessment, analysis,...

In the originally published version of chapter 24, the total values of table 2 and the text on page 417 were initially published with errors. This has been corrected and the supplementary material has been updated.

Business Process Compliance (BPC) denotes the execution of business processes in accordance with applicable compliance requirements. BPC can be satisfied through compliance processes that are integrated into the business process. In addition, compliance requirements place demands against IT components that are sometimes necessary to execute busines...

In the original version of this chapter, the term “vector product” was used instead of “scalar product” in the first paragraph of page 236. This has now been corrected.

Information security attacks usually exploit the weakest link in the chain — in many cases the end user at the workplace. While major advances have been made in understanding and explaining information security behavior, little is known about how such behavior is acquired in the first place. This research approaches the phenomenon through the lens...

Das Interuniversitäre Doktorandenseminar der Wirtschaftsinformatik kann inzwischen auf eine langjährige Tradition zurückblicken. Bereits zum 22. Mal finden sich Doktorandinnen und Doktoranden, Professorinnen und Professoren aus Mitteldeutschland zusammen um Promotionsvorhaben und aktuelle Forschungsergebnisse zu präsentieren und zu diskutieren. Sei...

Business process compliance (BPC) denotes business processes that adhere to requirements originating from different sources, e.g., laws or regulations. Compliance measures are used in business processes to prevent compliance violations and their consequences, such as fines or monetary sanctions. Compliance measures also incur costs, e.g., for tools...

Business Process Compliance (BPC) means ensuring that business processes are in accordance with relevant compliance requirements. Thus, BPC is an essential part of both business process management (BPM) and compliance management (CM). Digitization has also been referred to as a "digital revolution" that describes a technological change that has ext...

The adherence of business process compliance (BPC) is crucial for many companies. In addition, business processes may be supported by IT components, which can also be affected by compliance requirements. Due to business process change and the avoidance of compliance violations, companies must analyze, among other things, the interactions between bu...

Recent disasters have revealed growing numbers of citizens who participate in responses to disasters. These so-called spontaneous unaffiliated on-site volunteers (SUVs) have become valuable resources for mitigating disaster scales. However, their self-coordination has also led to harm or putting themselves in danger. The necessity to coordinate SUV...

Owing to the constant rise in the number of regulatory requirements, checking and ensuring business process compliance (BPC) becomes increasingly complex and thus more costly. Although managing BPC in a cost-effective way is critical for organisations, it lacks a corresponding domain model. In response, the paper at hand introduces a theoretically...

Checking and ensuring business process compliance (BPC) can be very costly, especially given redundant or conflicting compliance requirements or intensive regulation in general. Although managing BPC in a cost-effective way is critical for organisations, corresponding methods and pro-cedures are lacking. This paper outlines a research agenda for de...

Gesetze, Normen oder Standards stellen eine Vielzahl, sogenannter Compliance- Anforderungen an Geschäftsprozesse und Informationstechnologie (IT). Änderung an Aktivitäten eines Geschäftsprozesses, IT-Komponenten oder bestehenden Compliance-Anforderungen erfordern weiterhin die Sicherstellung der Konformität des Geschäftsprozesses oder der ITKompone...

Dynamic markets and new technology developments lead to an increasing number of compliance requirements. Thus, affected business processes must be flexible and adaptable. Ensuring business processes compliance (BPC) is traditionally operationalized by means of controls, which can be described as simple target-performance comparisons. Since such con...

Gesetze, Normen oder Standards stellen eine Vielzahl, sogenannter Compliance-Anforderungen an Geschäftsprozesse und Informationstechnologie (IT). Änderung an Aktivitäten eines Geschäftsprozesses, IT-Komponenten oder bestehenden Compliance-Anforderungen erfordern weiterhin die Sicherstellung der Konformität des Geschäftsprozesses oder der IT-Kompone...

Zusammenfassung Business Process Compliance (BPC) bezeichnet die Einhaltung von Anforderungen (aus Gesetzen, Standards, internen Vorgaben usw.) bei der Definition und Ausführung von Geschäftsprozessen. Die Sicherstellung von BPC ist für Unternehmen häufig eine komplexe und kostenintensive Angelegenheit. Um eine Beeinträchtigung der Wettbewerbssitua...

Business Process Compliance (BPC) is defined as the adherence of requirements within the conception and execution of business processes. Ensuring BPC can be very complex and expensive despite IT support, especially in the presence of a variety of redundant and conflicting compliance requirements or an intensive regulation in general. This results i...

Die Entwicklung neuer Technologien sowie Bemühungen um eine zunehmende Digitalisierung sind im Kontext der IT-Sicherheit für Unternehmen Segen und Fluch zugleich. Denn einerseits bieten technologische Neuerungen offensichtlich viel Potential für die Stärkung oder den Erhalt der Wettbewerbsposition von Unternehmen. Andererseits kann die Einführung n...

Actual research approaches out of the business process management in conjunction with the control and compliance theory place new demands on the flexibility of processes. Since current ontologies are not able to depict control and business processes considering these demands, we merged existing approaches and developed the refined and extended onto...

Ein modernes Risikomanagement ist längst keine Aufgabe mehr, die Unternehmen auf freiwilliger Basis und zum Selbstschutz betreiben. Vielmehr ist ein institutionalisiertes Risikomanagement in vielen Bereichen heute gesetzliche Vorschrift (siehe hierzu bspw. das Gesetz zur Kontrolle und Transparenz im Unternehmensbereich (KonTraG), das u. a. in §91 A...

Der folgende Artikel greift das nach wie vor aktuelle Thema Compliance auf und beleuchtet dessen Bedeutung insbesondere im Hinblick auf die unternehmensinterne IT. Dabei soll herausgestellt werden, welcher Unterschied zwischen Compliance im Allgemeinen und IT-Compliance einerseits, sowie zwischen IT-Compliance und Compliance by IT andererseits best...

Big Data ist ein Begriff, dem man längst nicht mehr nur in Forschung und Lehre begegnet. Der Terminus hat in vielen betrieblichen Bereichen Einzug gehalten und wird inzwischen gerne und vielschichtig verwendet. Doch was verbirgt sich eigentlich hinter Big Data und vor allem auch hinter den darauf aufbauenden Analysen? Dieser Beitrag geht dieser...

Ineffektive Compliance-Kontrollen bergen hohe Risiken, werden in der Unternehmenspraxis jedoch häufig aus Kostengründen in Kauf genommen. Der vorliegende Beitrag stellt einen neuartigen Ansatz vor, der die Spezifizierung effizienter und effektiver Compliance-konformer Kontrollprozesse ermöglicht. Mit dem diskutierten Ebenenmodell und dem aktivitäts...