Current PhD Projects
Quantified Vehicles: Data, Services, Ecosystems
Digitalization has become an important driver of service and business innovation in the automotive industry. For instance, the Quantified-Self movement has recently been transferred to the automotive domain, resulting in the provision of novel digital services for various stakeholders including e.g. individual drivers and insurance companies. In this direction, a growing number of ICT start-ups from outside Europe have entered the market, and thereby raised awareness of the automotive industry, that in the age of digital technology vehicles will have to exceed their former functionality as a tool for transportation to survive as status symbols. One feasible approach is to provide valuable digital services based on vehicle sensor data which currently is used for the sake of driving only – termed “quantified vehicles”.
The aim of this research is amongst others to analyze vehicle sensor data (data types, availability across manufacturers, interfaces), stakeholders, business models and value models, and the vehicle data value chain, and to design and implement a data acquisition hardware and software, a scalable software architecture for data analysis, and data-driven services. Based on that, scenarios for vehicle data ecosystems will be developed.
Homepage/Blog with news regarding progress of the dissertation project: http://www.christiankaiser.at/
Completed PhD projects
Design Principles for Ensuring Compliance in Business Processes
In contrast to process modeling, the modeling of legal requirements requires not only an understanding of processes but also a basic understanding of legal concepts for the interpretation of regulations. However, while process modelers and analysts who are trained in using formal methods may be experts in applying process logic, they do not necessarily understand the normative meanings of a regulation. Modeling languages that help this user group to identify relevant concepts are hence a great advantage in compliance modeling to avoid modeling errors. Paradoxically, these rule languages, also referred to as compliance languages, have yet to be evaluated in terms of their representational or cognitive complexity, so it is impossible to say whether these languages can be efficiently used. In this thesis, we close this research gap and evaluate the complexity and understandability of compliance languages. First, to calculate the complexity, we apply established software metrics and interpret the results with respect to the languages’ expressiveness. As a measure of their expressiveness, we distinguish the normative concepts of legal requirements. Second, to investigate the languages’ understandability, we use a cognitive model of the human problem-solving process and analyze how efficiently users perform a compliance modeling task. Our results have theoretical and practical implications that give directions for the development of compliance languages, and rule-based languages in general.
Conceptualisation and Instruments of preventive returns management in business-to-consumer E-Commerce
The trade of goods via the Internet is continuously increasing. As a result, the number of returns in e-commerce is also rising steadily. Especially in the German business-to-consumer online trade, returns are a great challenge and very cost-intensive. Preventive returns management attempts to prevent returns by starting before the goods are delivered. Thus, it contributes to increasing competitiveness and, if necessary, customer satisfaction. Previous research work was oriented towards conditions abroad that are difficult to transfer and did not provide a comprehensive picture of preventive returns management in the German market. This thesis develops a conceptual framework for preventive returns management in e-commerce. Through this framework, the conditions, design possibilities as well as the effects of preventive returns management can be made visible and evaluated both in science and practice. The work uses a design science approach as a superordinate research paradigm. In addition to qualitative and quantitative studies, approaches from the field of machine learning (e.g. text mining, SVM) were implemented and evaluated. Significant identified design possibilities can be directly implemented in the respective IT processes of the online shop. Above all, rigidly implemented decision-making processes should be changed towards more dynamic IT processes. Furthermore, implementation recommendations for online shops were derived, which can be scientifically proven as well as substantiated by implementations tested in practice.
A Method for the Design of IT Self-Services in organizational settings
Business analysts praise Development and Information Technology (IT) Operations (DevOps) as one of several approaches underpinning digital business. DevOps describes the effort to integrate software development and IT Operations. This integration enables software developers to perform IT Operations tasks on their own, thereby incorporating the IT self-service paradigm.
Through IT self-service (e.g., cloud service provisioning and automated software deployment) internal customers (e.g., software engineers and IT consultants) become actively involved in the process of IT service delivery. In other words, IT self-service enables the IT department to transfer task-performance to internal customers. For the IT department, this can translate into an improved efficiency from a reduced workload of the IT personnel. IT self-service is about freeing the IT personnel from performing recurrent, routine IT service delivery tasks. It allows to reduce the time the IT department must spend on operational tasks, thereby enabling it to spend more time on a strategic contribution for the organization. To realize such benefits, IT self-services must be designed properly from the IT Operations perspective. So far, academic research has fallen short in guiding service providers on how to design self-services to reduce the service personnel’s workload in service delivery. Hence, scholars call for research that provides guidance for managerial decisions on which services tasks to automate and which customers to address with self-services.
This research follows this call. The goal of this research is to develop a method, which guides IT decision makers in designing IT self-services to reduce the IT personnel’s workload in IT service delivery, based on decision theory principles. The design of the method follows the Design Science Research paradigm. To evaluate the method, it is planned to be instantiated in the form of a decision support system.
Decision Support in Enterprise Architecture Management
In times of very dynamic markets, enterprises are faced with major challenges. New business models and newly emerging competitors are tantalizing the competition and shifting market shares. Product life cycles are becoming shorter and shorter. Enterprises are therefore faced with a continual change in order to keep pace with this development. This requires both innovative new products and efficient change and implementation processes. Owing to the high IT usage, both in the products and services themselves, as well as in their production and deployment, enterprise architecture management has the important task of adapting the IT used in an enterprise to changing business requirements and enabling modified business models. For example, an enterprise architecture consists of applications that support business processes and technologies that are part of the applications and enable them. Due to the high complexity of the enterprise architecture, the requirement of quick changes leads to great challenges.
The aim of the research work is to support the employees responsible for the change of an enterprise architecture by a method for decision making. The method is based on a physically constructed laboratory at Reutlingen University, the so-called Management Cockpit. This room, consisting of several screens, makes it possible to view a situation from different perspectives in parallel and to identify dependencies between them.
Modelling and Detection of Conflicts in Information Access Policies of Hospitals
Hospitals as crucial facilities of public health systems are categorized as critical infrastructure and are also constrained by additional regulation due to the sensitivity of the processed medical data. In acknowledging this strong correlation between safety and security, public administrations merged formerly separated safety and information security programs into consolidated guidelines that are considering information security as a fundamental corner stone of maintain the availability, safety, and proper functioning of such critical infrastructure.
The information security of the processed data, applications, and health IT systems is safeguarded through an information security management (ISM) and its defined objectives and controls assure a proper regulation of access to facilities that process information as well as the disclosure of protected health information. The rules for any legitimate system access or information disclosure are documented in regulatory, compliance, and enterprise constraints, however, are usually not immediately machine-processable. Access Control Systems (ACS) are utilized to formalize and combine any relevant constraints into commonly processable rulesets. Attribute-based Access Control (ABAC) is one model capable of implementing a top-down-driven ISM in a hospital environment with the inherent advantage of explicitly concentrating on formalizing, combining, and processing access and disclosure regulation through sets of policies. The latter contain legally binding rulesets, enterprise objectives, and general information security concerns in a formalized and processable technical representation.
However, the multitude of simultaneously applied policies with varying degrees of abstraction and an increasing use of IT in a hospital lead to an ever-growing risk of individual policies conflicting with each other. Those collisions may paralyze the ACS ability to decide on the legitimacy on access requests and cause a denial of service situation or a con dentiality breach, effectively crippling the health IT ability to function and perform properly. Therefore, assessing how these conflicts can be identified and mitigated in order to prevent illegitimately assigned access rights or violating any data disclosure laws are being observed in this work. Previous approaches to policy conflict detection cannot be transferred easily to a hospital information system because their characteristics do not consider policies of different types.
By means of the Design Science Research approach this work constructs both a semantic policy model and related specific conflict categories as so-called design artifacts. Both will be applied and evaluated in a conceptual application environment. One significant foundation of the work is, among other sources, the nationally applicable orientation guide for hospital information systems “Orientierungshilfe Krankenhausinformationssysteme” (OH-KIS) of the Working Group for Health, Social Affairs and Technology of the Federal and State Privacy Commissioners.
Using the design artifacts, conflicts in and between access control policies, patient privacy policies, and information security policies can be recognized, effectively enabling a focused mitigation or ideally a correction. Therefore, the management of a hospital information system is supported on a tactical and operational level.