Current PhD Projects
A Method for the Design of IT Self-Services in organizational settings
Business analysts praise Development and Information Technology (IT) Operations (DevOps) as one of several approaches underpinning digital business. DevOps describes the effort to integrate software development and IT Operations. This integration enables software developers to perform IT Operations tasks on their own, thereby incorporating the IT self-service paradigm.
Through IT self-service (e.g., cloud service provisioning and automated software deployment), internal customers (e.g., software engineers and IT consultants) become actively involved in the process of IT service delivery. In other words, IT self-service enables the IT department to transfer task performance to internal customers. For the IT department, this can translate into improved efficiency through a reduced workload for the IT personnel. IT self-service is about freeing the IT personnel from performing recurrent, routine IT service delivery tasks. It reduces the time the IT department must spend on operational tasks, thereby enabling it to spend more time on a strategic contribution to the organization. To realize such benefits, IT self-services must be designed properly from the IT Operations perspective. So far, academic research has fallen short in guiding service providers on how to design self-services to reduce the service personnel’s workload in service delivery. Hence, scholars call for research that provides guidance for managerial decisions on which service tasks to automate and which customers to address with self-services.
This research follows this call. Its goal is to develop a method, based on decision theory principles, that guides IT decision makers in designing IT self-services to reduce the IT personnel’s workload in IT service delivery. The design of the method follows the Design Science Research paradigm. To evaluate the method, it is planned to be instantiated in the form of a decision support system.
Quantified Vehicles: Data, Services, Ecosystems
Digitalization has become an important driver of service and business innovation in the automotive industry. For instance, the Quantified-Self movement has recently been transferred to the automotive domain, resulting in the provision of novel digital services for various stakeholders, including individual drivers and insurance companies. In this direction, a growing number of ICT start-ups from outside Europe have entered the market and thereby made the automotive industry aware that, in the age of digital technology, vehicles will have to exceed their former functionality as a tool for transportation to survive as status symbols. One feasible approach is to provide valuable digital services based on vehicle sensor data, which is currently used for the sake of driving only; this concept is termed “quantified vehicles”.
The aims of this research include analyzing vehicle sensor data (data types, availability across manufacturers, interfaces), stakeholders, business models and value models, and the vehicle data value chain, as well as designing and implementing data acquisition hardware and software, a scalable software architecture for data analysis, and data-driven services. Based on that, scenarios for vehicle data ecosystems will be developed.
Homepage/Blog with news regarding progress of the dissertation project: http://www.christiankaiser.at/
Completed PhD projects
Decision Support in Enterprise Architecture Management
In times of very dynamic markets, enterprises are faced with major challenges. New business models and newly emerging competitors are intensifying competition and shifting market shares. Product life cycles are becoming shorter and shorter. Enterprises therefore have to change continually in order to keep pace with this development. This requires both innovative new products and efficient change and implementation processes. Owing to the high IT usage, both in the products and services themselves and in their production and deployment, enterprise architecture management has the important task of adapting the IT used in an enterprise to changing business requirements and enabling modified business models. For example, an enterprise architecture consists of applications that support business processes and of technologies that are part of the applications and enable them. Due to the high complexity of the enterprise architecture, the requirement for quick changes leads to great challenges.
The aim of the research work is to support the employees responsible for the change of an enterprise architecture by a method for decision making. The method is based on a physically constructed laboratory at Reutlingen University, the so-called Management Cockpit. This room, consisting of several screens, makes it possible to view a situation from different perspectives in parallel and to identify dependencies between them.
Modelling and Detection of Conflicts in Information Access Policies of Hospitals
Hospitals, as crucial facilities of public health systems, are categorized as critical infrastructure and are also constrained by additional regulation due to the sensitivity of the processed medical data. In acknowledging this strong correlation between safety and security, public administrations merged formerly separate safety and information security programs into consolidated guidelines that consider information security a fundamental cornerstone of maintaining the availability, safety, and proper functioning of such critical infrastructure.
The information security of the processed data, applications, and health IT systems is safeguarded through an information security management (ISM), whose defined objectives and controls assure proper regulation of access to facilities that process information as well as of the disclosure of protected health information. The rules for any legitimate system access or information disclosure are documented in regulatory, compliance, and enterprise constraints, but are usually not immediately machine-processable. Access Control Systems (ACS) are utilized to formalize and combine any relevant constraints into commonly processable rulesets. Attribute-based Access Control (ABAC) is one model capable of implementing a top-down-driven ISM in a hospital environment, with the inherent advantage of explicitly concentrating on formalizing, combining, and processing access and disclosure regulation through sets of policies. The latter contain legally binding rulesets, enterprise objectives, and general information security concerns in a formalized and processable technical representation.
However, the multitude of simultaneously applied policies with varying degrees of abstraction and an increasing use of IT in a hospital lead to an ever-growing risk of individual policies conflicting with each other. Those collisions may paralyze the ACS's ability to decide on the legitimacy of access requests and cause a denial of service situation or a confidentiality breach, effectively crippling the health IT's ability to function and perform properly. Therefore, this work examines how these conflicts can be identified and mitigated in order to prevent illegitimately assigned access rights or violations of data disclosure laws. Previous approaches to policy conflict detection cannot be transferred easily to a hospital information system because their characteristics do not consider policies of different types.
By means of the Design Science Research approach this work constructs both a semantic policy model and related specific conflict categories as so-called design artifacts. Both will be applied and evaluated in a conceptual application environment. One significant foundation of the work is, among other sources, the nationally applicable orientation guide for hospital information systems “Orientierungshilfe Krankenhausinformationssysteme” (OH-KIS) of the Working Group for Health, Social Affairs and Technology of the Federal and State Privacy Commissioners.
Using the design artifacts, conflicts in and between access control policies, patient privacy policies, and information security policies can be recognized, effectively enabling a focused mitigation or ideally a correction. Therefore, the management of a hospital information system is supported on a tactical and operational level.
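The kind of conflict described above can be illustrated with a small added example, which is not part of the dissertation or its semantic policy model. The rule format, attribute names, rule ids and sample rules are assumptions constructed for illustration: two rules conflict when their effects differ and at least one request satisfies both.

```python
from itertools import combinations

# Constructed sample rules (hypothetical format). An attribute that a rule
# does not mention is unconstrained for that rule.
RULES = [
    {"id": "AC-1", "type": "access_control", "effect": "permit",
     "when": {"role": {"physician"}, "action": {"read"}, "resource": {"record"}}},
    {"id": "PP-1", "type": "patient_privacy", "effect": "deny",
     "when": {"role": {"physician", "nurse"}, "action": {"read"},
              "resource": {"record"}, "consent": {"withdrawn"}}},
    {"id": "IS-1", "type": "information_security", "effect": "deny",
     "when": {"action": {"export"}, "resource": {"record"}}},
    {"id": "AC-2", "type": "access_control", "effect": "permit",
     "when": {"role": {"nurse"}, "action": {"read"}, "resource": {"lab_result"}}},
]

def overlap(a, b):
    """Constraints of the requests matched by both rules, or None if disjoint."""
    shared = {}
    for attr in a["when"].keys() | b["when"].keys():
        va, vb = a["when"].get(attr), b["when"].get(attr)
        common = va & vb if va is not None and vb is not None else (va or vb)
        if not common:          # no value satisfies both rules for this attribute
            return None
        shared[attr] = common
    return shared

def find_conflicts(rules):
    """Pairs of rules with opposing effects that apply to a common request."""
    conflicts = []
    for a, b in combinations(rules, 2):
        if a["effect"] == b["effect"]:
            continue
        shared = overlap(a, b)
        if shared is not None:
            conflicts.append({"rules": (a["id"], b["id"]),
                              "types": (a["type"], b["type"]),
                              "requests": shared})
    return conflicts

def decide(rules, request):
    """Evaluate one request; disagreement between matching rules is undecidable."""
    effects = {r["effect"] for r in rules
               if all(request.get(k) in v for k, v in r["when"].items())}
    if len(effects) > 1:
        return "indeterminate"
    return effects.pop() if effects else "not_applicable"

if __name__ == "__main__":
    for c in find_conflicts(RULES):
        print(c["rules"], c["types"], c["requests"])
```

The detector reports the conflict statically, before any request arrives; `decide` shows the runtime symptom, where the same overlap leaves a physician's read request on a record with withdrawn consent without a usable decision.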