Abstract
While initial evidence from the expert review of the EDSM shows that the created decision support model indeed helps to support the decision-making process and the creation of appropriate DSS, the utility, the quality, and the organisational fit of the EDSM need to be shown in practice. To achieve this, this chapter is dedicated to an empirical, expert interview-based evaluation approach.
True genius resides in the capacity for evaluation of uncertain, hazardous, and conflicting information.
– Winston Churchill
British Politician (1874 – 1965)
Notes
1. Hevner et al. (2004, p. 85). Furthermore, Sect. 2.2.1 presents the guidelines in detail.
2. See Sect. 1.3 for details.
3. Cf. Sect. 4.4.
4. Cf. Chap. 6.
5. Cf. Sect. 5.4.
6. Hevner et al. (2004, p. 85).
7. Hevner et al. (2004, p. 85).
8. Hevner et al. (2004, p. 86).
9. Yin (2003).
10. Cf. Sect. 5.2.1 for details.
11. Further information about the participants of the evaluation interviews can be found in Table E.1 in the Annex of this document.
12. The slides are available in Annex B.
13. See http://edm.myasterisk.de for details.
14. Cf. Sect. 5.2.3.
15. Mayring (2008, p. 59).
16. Cf. Sect. 7.2.
17. The developed interview guideline and its questions are available in Annex E.2.
18. Mayring (2008, p. 61).
19. Hypothesis 1 (H1): DSS are needed and appropriate decision support models can help to enhance the decision-making process and the evaluation process significantly.
20. This topic was also mentioned occasionally in the initial interview study (cf. Sect. 3.3).
21. The Deming Cycle (named after W. Edwards Deming) is a set of activities (Plan, Do, Check, Act) designed to drive continuous improvement. Initially implemented in manufacturing, it has broad applicability in business and in various ISO standards (e.g., ISO 9.000 or ISO 27.000).
22. Hypothesis 2 (H2): The presented EDSM, with its constructs and linkages, represents a feasible model for evaluating EIdM introductions.
23. Cf. Fig. 5.9 – Added linkage between acceptance (A) and compliance, risk, and security (CRS).
24. Cf. Fig. 5.9 – Added linkage between process (P) and compliance, risk, and security (CRS).
25. Hypothesis 3 (H3): The application of the EDSM, in order to derive appropriate DSS, is feasible, also besides the presented prototype.
26. Research Question: Is the proposed EDSM (and its instantiation, the EDM prototype) appropriate and does it offer utility and enhancements for the decision-making process when evaluating introductions of EIdM in an organisation?
27. This aspect is also discussed by Mayring (2008, p. 43).
References
Akkermans, H. A., & Oorschot, K. E. (2005). A case study of balanced scorecard development using system dynamics. Journal of the Operational Research Society, 56(8), 931–941.
Akkermans, H. A., & van Oorschot, K. E. (2002). Developing a balanced scorecard with system dynamics. In Proceeding of the 2002 international system dynamics conference, Palermo, Italy.
Altmeier, J. (2006). Return on security investment am beispiel der business-applikation SAP. HMD – Praxis der Wirtschaftsinformatik, 248, 68–76.
Anthony, R. N. (1965). Planning and control systems; a framework for analysis [by] Robert N. Anthony. Boston: Division of Research, Graduate School of Business Administration, Harvard University.
Axelrod, C. W. (2008). Accounting for value and uncertainty in security metrics. Information Systems Control Journal, 2008(6), 25–29.
Bacon, C. J. (1992). The use of decision criteria in selecting information systems/technology investments. MIS Quarterly, 16(3), 335–353.
Baier, T. (2005). Persönliches digitales Identitätsmanagement. Universität Hamburg, Fachbereich Informatik, Verteilte Systeme und Informationssysteme. Available at: http://www.sub.uni-hamburg.de/opus/volltexte/2006/2746/pdf/TBaier-Diss-IDM.pdf. Accessed 2012-09-27.
Balzert, H. (2001). Lehrbuch der Software-Technik – Software-Management, Software-Qualitätssicherung, Unternehmensmodellierung (2nd ed.). Lehrbücher der Informatik. Heidelberg et al.: Spektrum Akademischer Verlag.
Bamberg, G., Coenenberg, A. G., & Krapp, M. (2008). Betriebswirtschaftliche entscheidungslehre (14th ed.). Vahlens Kurzlehrbücher. München: Vahlen.
Banker, R. D., Chang, H., & Kao, Y.-C. (2010). Evaluating cross-organizational impacts of information technology – an empirical analysis. European Journal of Information Systems, 19(2), 153–167.
Baschin, A. (2001). Die Balanced Scorecard für Ihren IT-Bereich: ein Leitfaden für Aufbau und Einführung. Frankfurt/Main: Campus-Verlag.
Baschin, A., & Steffen, A. (2001). IT-controlling mit der balanced scorecard. Zeitschrift für Controlling u. Management, 45(6), 367–371.
Bauer, M., Meints, M., & Hansen, M. (Eds.) (2005). Deliverable D3.1: Structured overview on prototypes and concepts of identity management systems. FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp3-del3.1.overview_on_IMS.final.pdf. Accessed 2012-09-27.
Becker, J. (2008). Ein Plädoyer für die gestaltungsorientierte Wirtschaftsinformatik. In R. Jung & T. Myrach (Eds.), Quo vadis Wirtschaftsinformatik? (pp. 3–21). Wiesbaden: Gabler.
Becker, J. (2010). Prozess der gestaltungsorientierten Wirtschaftsinformatik. In H. Österle, R. Winter & W. Brenner (Eds.), Gestaltungsorientierte Wirtschaftsinformatik: Ein Plädoyer für Rigor und Relevanz (pp. 13–17). Nürnberg: Infowerk ag.
Becker, J., & Niehaves, B. (2007). Epistemological perspectives on IS research: A framework for analysing and systematizing epistemological assumptions. Information Systems Journal, 17(2), 197–214.
Bedner, M., & Ackermann, T. (2010). Schutzziele der IT-sicherheit. Datenschutz und Datensicherheit (DuD), 34(5), 323–328.
Benamati, J., & Lederer, A. L. (2001). How IT organizations handle rapid IT change: Five coping mechanisms. Information Technology and Management, 2(1), 95–112.
Benamati, J., Lederer, A. L., & Singh, M. (1997). Changing information technology and information technology management. Information & Management, 31(5), 275–288.
Berghel, H. (2005). The two sides of ROI: Return on investment vs. risk of incarceration. Communications of the ACM, 48(4), 15–20.
Bernnat, R., Bauer, M., Zink, W., Bieber, N., & Jost, D. (2010). Die IT-sicherheitsbranche in Deutschland – Aktuelle lage und ordnungspolitische handlungsempfehlung. Bundesministerium für Wirtschaft und Technologie (BMWI). Available at: http://www.bmwi.de/BMWi/Redaktion/PDF/Publikationen/Studien/it-sicherheitsbranche-de-aktuelle-lage,property=pdf,bereich=bmwi,sprache=de,rwb=true.pdf. Accessed 2012-09-27.
Blohm, H., & Lüder, K. (1995). Investition, schwachstellenanalyse des investitionsbereichs und investitionsrechnung (8th ed.). Munich: Vahlen.
Bortz, J., & Döring, N. (2006). Forschungsmethoden und evaluation für human- und sozialwissenschaftler (4th ed.). Springer-Lehrbuch, Springer eBook Collection, Behavioral Science [Dig. Serial], Springer-11776 [Dig. Serial]. Berlin et al.: Springer.
Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, R. W. (2009). If someone is watching, I’ll do what I’m asked: Mandatoriness, control and information security. European Journal of Information Systems, 18(6), 151–164.
Brocke, J. v., Strauch, G., & Buddendick, C. (2007). Return on security investments – towards a methodological foundation of measurement systems. In Proceedings of the 13th Americas conference on information systems (AMCIS), Keystone, CO, USA. Association for Information Systems (AIS).
Brugger, R. (2005). Der IT business case – Kosten erfassen und analysieren Nutzen erkennen und quantifizieren wirtschaftlichkeit nachweisen und realisieren. Xpert.press, Springer eBook Collection, Computer Science [Dig. Serial], Springer-11774 [Dig. Serial]. Berlin et al.: Springer.
Bundesamt für Sicherheit in der Informationstechnik. (Ed.) (2008a). BSI standard 100-1 information security management systems (ISMS) (1.5 ed.). Bonn: Bundesamt für Sicherheit in der Informationstechnik (BSI). Available at: https://www.bsi.bund.de/cae/servlet/contentblob/471428/publicationFile/27993/standard_100-1_e_pdf.pdf. Accessed 2012-09-27.
Bundesamt für Sicherheit in der Informationstechnik. (Ed.) (2008b). BSI-standard 100-2: IT-Grundschutz methodology (1.5 ed.). Bonn: Bundesamt für Sicherheit in der Informationstechnik (BSI). Available at: https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/27994/standard_100-2_e_pdf.pdf. Accessed 2012-09-27.
Bundesamt für Sicherheit in der Informationstechnik. (Ed.) (2008c). BSI-standard 100-3: Risk analysis based on IT-Grundschutz (1.5 ed.). Bonn: Bundesamt für Sicherheit in der Informationstechnik (BSI). Available at: https://www.bsi.bund.de/cae/servlet/contentblob/471432/publicationFile/27992/standard_100-3_e_pdf.pdf. Accessed 2012-09-27.
Bundesamt für Sicherheit in der Informationstechnik. (2009). IT-Grundschutzhandbuch: Handbuch für die sichere Anwendung der Informationstechnik (11th ed.). Bonn: Bundesanzeiger. Available at: https://www.bsi.bund.de/cae/servlet/contentblob/478418/publicationFile/55550/it-grundschutz-kataloge_2009_EL11_de.pdf. Accessed 2012-09-27.
Burghardt, M. (2007). Einführung in Projektmanagement – Definition, Planung, Kontrolle, Abschluss (5th ed.). Erlangen: Publicis Corporate Publishing.
Burrell, G., & Morgan, G. (1979). Sociological paradigms and organisational analysis – elements of the sociology of corporate life. London et al: Ashgate.
Cameron, K. (2002). The laws of identity. Technical report, identityblog.com. Available at: http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf. Accessed 2012-09-27.
Carr, N. G. (2003). IT doesn’t matter. Harvard Business Review, 81(5), 41–49.
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(7), 87–92.
Chan, F. K., & Thong, J. Y. (2009). Acceptance of agile methodologies: A critical review and conceptual framework. Decision Support Systems (DSS), 46(4), 803–814.
Clauß, S., & Köhntopp, M. (2001). Identity managements and its support of multilateral security. Computer Networks, 37(2), 205–219.
CMMI Product Team. (2002). Capability maturity model integration (CMMI) – version 1.1. Pittsburgh: Carnegie Mellon University. Available at: http://www.sei.cmu.edu/reports/02tr012.pdf. Accessed 2012-09-27.
Cobbold, I. C., & Lawrie, G. J. G. (2002a). Classification of balanced scorecards based on their intended use. In Proceedings of the 3rd international conference on performance measurement and management (PMA 2002). Boston, MA: Performance Measurement Association (PMA).
Cobbold, I. C., & Lawrie, G. J. G. (2002b). The development of the balanced scorecard as a strategic management tool. In Proceedings of the 3rd international conference on performance measurement and management (PMA 2002). Boston, MA: Performance Measurement Association (PMA).
Cole, M., & Avison, D. (2007). The potential of hermeneutics in information systems research. European Journal of Information Systems, 16(6), 820–833.
Cole, R., Purao, S., Rossi, M., & Sein, M. (2005). Being proactive: Where action research meets design research. In D. E. Avison & D. F. Galletta (Eds.), ICIS – proceedings of the international conference on information systems, ICIS 2005, 11–14 Dec 2005, Las Vegas, NV, USA (pp. 325–336). Association for Information Systems.
Damianides, M. (2005). Sarbanes–Oxley and IT governance: New guidance on it control and compliance. Information Systems Management, 22(1), 77–85.
David, J. S., Schuff, D., & St. Louis, R. (2002). Managing your total IT cost of ownership. Communications of the ACM, 45(1), 101–106.
Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13, 319–339.
Davis, H. Z., Apple, S., & Cohn, G. (2008). Free lunches and ROI: A modern fable. Management Accounting Quarterly, 9(2), 16–25.
De Clercq, J. (2002). Single sign-on architectures. In InfraSec ’02: Proceedings of the international conference on infrastructure security (pp. 40–58). London: Springer.
Dhillon, G., & Backhouse, J. (2001). Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal, 11(2), 127–153.
Dong, L., Neufeld, D. J., & Higgins, C. (2009). Top management support of enterprise systems implementations. Journal of Information Technology, 24(1), 55–80.
Dörner, W. (2003). IT-investitionen – investitionstheoretische Behandlung von Unsicherheit (Schriftenreihe innovative betriebswirtschaftliche Forschung und Praxis, Vol. 145). Hamburg: Verlag Dr. Kovač.
Downe-Wamboldt, B. (1992). Content analysis: Method, applications, and issues. Health Care for Women International, 13(3), 313–321.
Durand, A. (2003). Three phases of identity infrastructure adoption. Available at: http://blog.andredurand.com/?p=146. Accessed 2012-09-27.
Easterby-Smith, M., Thorpe, R., & Löwe, A. (2002). Management research (2nd ed.). London: Sage Publications Ltd.
Economist Intelligence Unit (2006). Complying with rules for identity management. London et al: The Economist Intelligence Unit. Available at: http://www.identrust.com/pdf/EIU_IdenTrust_Compliance.pdf. Accessed 2012-09-27.
Faisst, U., Prokein, O., & Wegmann, N. (2007). Modell zur dynamischen investitionsrechnung von IT-Sicherheitsmaßnahmen. Zeitschrift für Betriebswirtschaft, 77(5), 511–538.
Farahmand, F., Navathe, S. B., Sharp, G. P., & Enslow, P. H. (2005). A management perspective on risk of security threats to information systems. Information Technology and Management, 6(2–3), 203–225.
FIDIS IdMS Database (2009). FIDIS database on identity management systems. Available at: http://www.fidis.net/interactive/ims-db/. Accessed 2012-09-27.
Flieder, K. (2008). Identity- und access-management mit EAI-Konzepten und -technologien. Datenschutz und Datensicherheit (DuD), 32(8), 532–536.
Flynn, M. J. (2007). Enterprise identity services. Available at: http://360tek.blogspot.com/2006/07/enterprise-identity-services.html. Accessed 2012-09-27.
Franklin, C. J. (2002). The ABCs of ROI. Network Computing, 93–95.
Gaedke, M., Meinecke, J., & Nussbaumer, M. (2005). A modeling approach to federated identity and access management. In WWW ’05: Special interest tracks and posters of the 14th international conference on World Wide Web (pp. 1156–1157). New York: ACM.
Georges, P. M. (2000). The management cockpit – the human interface for management software – reviewing 50 user sites over 10 years of experience. Wirtschaftsinformatik, 42(2), 131–136.
Gericke, W., Thorleuchter, D., Weck, G., Reiländer, F., & Loß, D. (2009). Vertrauliche verarbeitung staatlich eingestufter information – die informationstechnologie im Geheimschutz. Informatik Spektrum, 32(2), 102–109.
Geschka, H., & Hammer, R. (1997). Die Szenario Technik in der strategischen Unternehmensplanung. In D. Hahn & B. Taylor (Eds.), Strategische Unternehmensplanung – strategische Unternehmensführung (7th ed., pp. 464–489). Heidelberg: Physica.
Ghasemzadeh, F., & Archer, N. P. (2000). Project portfolio selection through decision support. Decision Support Systems (DSS), 29, 73–88.
Gläser, J., & Laudel, G. (2006). Experteninterviews und qualitative Inhaltsanalyse als Instrumente rekonstruierender Untersuchungen (2nd ed.). Wiesbaden: VS, Verlag für Sozialwissenschaften.
Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438–457.
Gorry, G. A., & Scott Morton, M. S. (1971). A framework for management information systems. Sloan Management Review, 13(1), 55–71.
Greening, D. W., Barringer, B. R., & Macy, G. (1996). A qualitative study of managerial challenges facing small business geographic expansion. Journal of Business Venturing, 11(4), 233–256.
Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 30(3), 491–506.
Grob, H. L., Strauch, G., & Buddendick, C. (2008). Conceptual design of a method to support IS security investment decisions. In R. Kaschek, C. Kop, C. Steinberger & G. Fliedl (Eds.), Information systems and e-business technologies – 2nd international united information systems conference, UNISCON 2008, Klagenfurt, Austria, 22–25 Apr 2008 (Lecture notes in business information processing, Vol. 5, pp. 445–456). Berlin et al.: Springer.
Groß, M. (2007). In zehn Schritten zum identity-management. Available at: http://www.computerwoche.de/590967. Accessed 2012-09-27.
Grover, V., Lyytinen, K., Srinivasan, A., & Tan, N. C. (2008). Contributing to rigorous and forward thinking explanatory theory. Journal of the Association for Information Systems (JAIS), 9(2), 40–47.
Guida, R., Stahl, R., Bunt, T., Secrest, G., & Moorcones, J. (2004). Deploying and using public key technology: Lessons learned in real life. IEEE Security and Privacy, 2(4), 67–71.
Hall, J. A., & Liedtka, S. L. (2007). The Sarbanes–Oxley act: Implications for large-scale IT outsourcing. Communications of the ACM, 50(3), 95–100.
Halperin, R., & Backhouse, J. (2008). A roadmap for research on identity in the information society. Identity in the Information Society (JIDIS), 1(1), 1–12.
Hansen, M., Krasemann, H., Krause, C., Rost, M., & Genghini, R. (2003). Identity management systems (IMS): Identification and comparison. Technical report, Independent Centre for Privacy Protection (ICPP), Kiel (Germany). Study made for the Institute for Prospective Technological Studies – Joint Research Centre Seville (Spain). Available at: http://www.datenschutzzentrum.de/idmanage/study/ICPP_SNG_IMS-Study.pdf. Accessed 2012-09-27.
Hansen, M., Berlich, P., Camenisch, J., Clauß, S., Pfitzmann, A., & Waidner, M. (2004). Privacy-enhancing identity management. Information Security Technical Report, 9(1), 35–44.
Hansen, M., Meints, M., & Rost, M. (2006). Initial scenarios for mobile identity management. In D. Royer (Ed.), Collection of topics and clusters of mobility and identity – towards a taxonomy of mobility and identity, number D11.1 (pp. 20–28). FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp11-del11.1.mobility_and_identity.pdf. Accessed 2012-09-27.
Hatch, M. J. (1997). Organization theory – modern, symbolic, and postmodern perspectives. Oxford et al.: Oxford University Press.
Helfert, M., Foley, O., Ge, M., & Cappiello, C. (2009). Analysing the effect of security on information quality dimensions. In S. Newell, E. A. Whitley, N. Pouloudi, J. Wareham & L. Mathiassen (Eds.), 17th European conference on information systems, Verona, Italy (pp. 2785–2797).
Hensen, J. (2007). Online-Wörterbuch evaluation. Available at: http://www.evoluation.de/glossary. Accessed 2012-09-27.
Hevner, A. R., March, S. T., & Park, J. (2004). Design science in information systems research. MIS Quarterly, 28(1), 75–105.
Hitt, L. M., & Brynjolfsson, E. (1996). Productivity, business profitability, and customer surplus – three different measures of technology value. MIS Quarterly, 20(2), 121–142.
Hoepman, J.-H., Joosten, R., & Siljee, J. (2009). Comparing identity management frameworks in a business context. In V. Matyas, S. Fischer-Huebner, D. Cvrcek & P. Svenda (Eds.), Proceedings of the IFIP/FIDIS summer school on “The future of identity in the information society” (pp. 184–196). Berlin et al.: Springer.
Holten, R. (2007). Deriving an IS-theory from an epistemological position. In 18th Australasian conference on information systems, Toowoomba, 5–7 Dec 2007 (pp. 1–10). Toowoomba: University of Southern Queensland.
Holten, R., Dreiling, A., & Becker, J. (2005). Ontology-driven method engineering for information systems development. In P. Green & M. Rosemann (Eds.), Business systems analysis with ontologies (pp. 174–217). Hershey: Idea Group Publishing.
Hommel, W. (2007). Architektur- und Werkzeugkonzepte für föderiertes Identitäts-Management. Ph.D. thesis, Fakultät für Mathematik, Informatik und Statistik der Ludwig-Maximilians-Universität München. Available at: http://edoc.ub.uni-muenchen.de/7300/1/Hommel_Wolfgang.pdf. Accessed 2012-09-27.
Hommel, W., & Reiser, H. (2005). Federated identity management in business-to-business outsourcing. In B. Marques, T. Nebe & R. Oliveira (Eds.), Proceedings of the 12th annual workshop of HP OpenView University Association (HPOVUA 2005), Porto, Portugal (pp. 81–93).
Hommel, W., Knittl, S., & Pluta, D. (2008). Strategy and tools for identity management and its process integration in the Munich scientific network. In 14th international conference of European University Information Systems (EUNIS 2008), Arhus, Denmark. Available at: http://eunis.dk/papers/p1.pdf. Accessed 2012-09-27.
Horváth, P. (2006). Controlling (Vahlens Handbücher der Wirtschafts- und Sozialwissenschaften, 10th ed.). München: Vahlen.
Hsieh, H.-F., & Shannon, S. E. (2005). Three approaches to qualitative content analysis. Qualitative Health Research, 15(9), 1277–1288.
Huberman, A. M., & Miles, M. B. (1983). Drawing valid meaning from qualitative data: Some techniques of data reduction and display. Quality and Quantity, 17(4), 281–339.
Hühnlein, D. (2008). Identitätsmanagement – Eine visualisierte Begriffsbestimmung. Datenschutz und Datensicherheit (DuD), 32(3), 161–163.
Jacobson, R. (1987). The validity of ROI as a measure of business performance. The American Economic Review, 77, 470–478.
Jonen, A., & Lingnau, V. (2007). Bewertung von IT-Investitionen – Einbezug von Werttreibern und Risiken. Controlling & Management (ZfCM), 51(4), 246–250.
Jonen, A., Lingnau, V., Müller, J., & Müller, P. (2004). Balanced IT-Decision-Card, Ein Instrument für das Investitionscontrolling von IT-Projekten. Wirtschaftsinformatik, 46(3), 196–203.
Kaplan, R. S., & Norton, D. P. (1996). The balanced scorecard: Translating strategy into action. Boston: Random House.
Kaplan, R. S., & Norton, D. P. (2004). Strategy maps – converting intangible assets into tangible outcomes. Boston: Harvard Business School Press.
Keil, M., Lyytinen, K., Cule, P. E., & Schmidt, R. C. (1998). A framework identifying software project risks. Communications of the ACM, 41(11), 76–83.
Klecun, E., & Cornford, T. (2005). A critical approach to evaluation. European Journal of Information Systems (EJIS), 14(3), 229–243.
Klinger, K. (2008). Identitätsmanagement – Steuerung von Provisionierungsprozessen auf Basis personalwirtschaftlicher Ereignisse. dissertation.de.
Kohm, M., & Morawski, J. (2009). Koma-Script: Eine Sammlung von Klassen und Paketen für LaTeX2ε (3rd ed.). Berlin: Edition dante by Lehmanns Media.
Koschinat, S., & Royer, D. (2010). Bewertung und Einordnung von Ansätzen zur ex-anten Evaluation von IT Sicherheitsinvestitionen. Working Report No. 1, Professur für M-Business, Uni Frankfurt, Frankfurt. Available at: http://www.m-chair.net. Accessed 2012-09-27.
KPMG (2008). KPMG’s 2008 European identity and access management survey. KPMG Netherlands. Available at: http://www.kpmg.cz/czech/images/but/0805_Identity-Access-Management-Survey.pdf. Accessed 2012-09-27.
KPMG (2009). KPMG’s 2009 European identity and access management survey. KPMG Netherlands. Available at: http://www.kpmg.fi/Binary.aspx?Section=174&Item=5738. Accessed 2012-09-27.
Krcmar, H. (1990). Informationsverarbeitungs-Controlling – Zielsetzung und Erfolgsfaktoren. IM Information Management, 5(3), 6–15.
Kütz, M. (Ed.) (2003). Kennzahlen in der IT – Werkzeuge für Controlling und Management. Heidelberg: dpunkt.verlag.
Laux, H. (2007). Entscheidungstheorie – und 12 Tabellen (Springer-Lehrbuch, 7th ed.). Berlin et al.: Springer.
Lee, A. S. (1989). A scientific methodology for MIS case studies. MIS Quarterly, 13(1), 33–50.
Lee, A. S. (1991). Integrating positivist and interpretive approaches to organizational research. Organisational Science, 4(2), 342–365.
Lee, A. S. (1999). Rigor and relevance in MIS research: Beyond the approach of positivism alone. MIS Quarterly, 23(1), 29–33.
Liu, L., & Yetton, P. (2010). Sponsorship and IT vendor management of projects. Journal of Information Technology, 25, 56–64.
Locher, C. (2005). Methodologies for evaluating information security investments – what basel II can change in the financial industry. In Proceedings of the 13th European conference on information systems, information systems in a rapidly changing economy, ECIS 2005, Regensburg, Germany, 26–28 May 2005.
Lopez, J., Oppliger, R., & Pernul, G. (2004). Authentication and authorization infrastructures (AAIs) – a comparative survey. Computers & Security, 23, 578–590.
Lopez, J., Oppliger, R., & Pernul, G. (2005). Why have public key infrastructures failed so far? Internet Research, 15(5), 544–556.
Lorenz, J. (2005). Der RoI sagt nur die halbe Wahrheit. COMPUTERWOCHE. Available at: http://www.computerwoche.de/569697. Accessed 2012-09-27.
Magnusson, C., Molvidsson, J., & Zetterqvist, S. (2007). Value creation and return on security investments (ROSI). In H. Venter, L. Labuschagne, J. Eloff & R. von Solms (Eds.), IFIP SEC 2007: New approaches for security, privacy and trust in complex environments (Vol. 232, pp. 25–35). Berlin et al.: Springer.
Mann, C. C. (2002). Homeland insecurity. The Atlantic Monthly. Available at: http://www.theatlantic.com/past/docs/issues/2002/09/mann.htm. Accessed 2012-09-27.
March, S. T., & Smith, G. F. (1995). Design and natural science research on information technology. Decision Support Systems (DSS), 15(4), 251–266.
Markus, M. L. (1983). Power, politics, and MIS implementation. Communications of the ACM, 26(6), 430–444.
Martin, L. (2007). Security is free. DMReview, 17(12), 16–17.
Martinsons, M., Davidson, R., & Tse, D. (1999). The balanced scorecard: A foundation for the strategic management of information systems. Decision Support Systems (DSS), 25(1), 71–88.
Martucci, L. A. (2009). Identity and anonymity in Ad Hoc networks. Ph.D. thesis, Karlstad University.
Mauterer, H., & Gemünden, H. G. (2002). Der Nutzen von ERP-Systemen – eine Analyse am Beispiel von SAP R/3 (DUV, Wirtschaftsinformatik, 1st ed.). Wiesbaden: Dt. Univ.-Verl.
Mayring, P. (2008). Qualitative Inhaltsanalyse – Grundlagen und Techniken (Beltz Pädagogik, 10th ed.). Weinheim et al.: Beltz.
Mayring, P., & Brunner, E. (2007). Qualitative Inhaltsanalyse. In R. Buber & H. H. Holzmüller (Eds.), Qualitative Marktforschung: Konzepte – Methoden – Analysen (pp. 669–680). Wiesbaden: Betriebswirtschaftlicher Verlag Dr. Th. Gabler/GWV Fachverlage GmbH.
Mayring, P., & Gläser-Zikuda, M. (2005). Die Praxis der qualitativen Inhaltsanalyse (UTB, Pädagogik, Psychologie, Vol. 8269). Weinheim et al.: Beltz.
Meints, M., & Gasson, M. N. (2009). High-tech ID and emerging technologies. In K. Rannenberg, D. Royer & A. Deuker (Eds.), The future of identity in the information society – challenges and opportunities (pp. 129–189). Berlin et al.: Springer.
Meints, M., & Royer, D. (2008). Der Lebenszyklus von Identitäten. Datenschutz und Datensicherheit (DuD), 32(3), 201.
Meints, M., & Zwingelberg, H. (Eds.) (2009). Deliverable D3.17: Identity management systems – recent developments. Frankfurt et al.: FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/new_deliverables3/fidis-wp3-del3.17_Identity_Management_Systems-recent_developments-final.pdf. Accessed 2012-09-27.
Mercuri, R. T. (2003). Analyzing security costs. Communications of the ACM, 46(6), 15–18.
Meyer, M., Zarnekow, R., & Kolbe, L. M. (2003). IT-Governance: Begriff, Status quo und Bedeutung. Wirtschaftsinformatik, 45(4), 445–448.
Mezler-Andelberg, C. (2008). Identity Management - eine Einführung - Grundlagen, Technik, wirtschaftlicher Nutzen. Heidelberg: Dpunkt.verlag.
Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis – an expanded sourcebook (2nd ed.). Thousand Oaks et al.: Sage.
Milis, K., & Mercken, R. (2004). The use of the balanced scorecard for the evaluation of information and communication technology projects. International Journal of Project Management, 22(2), 87–97.
Moll, K.-R., Broy, M., Pizka, M., Seifert, T., Bergner, K., & Rausch, A. (2004). Erfolgreiches Management von Software-Projekten. Informatik Spektrum, 27(5), 419–432.
Mooraj, S., Oyon, D., & Hostettler, D. (1999). The balanced scorecard: A necessary good or an unnecessary evil? European Management Journal, 17(5), 481–491.
Mott, J. D., & Granata, G. (2006). The value of teaching and learning technology: Beyond ROI. EDUCAUSE Quarterly, 29(2), 48–54.
Muntermann, J. (2007). Event-driven mobile financial information services. Germany: Deutscher Universitätsverlag.
Myers, M. D. (1997). Qualitative research in information systems. MIS Quarterly, 21(2), 241–242. Available at: http://www.misq.org/discovery/MISQD_isworld/. Accessed 2012-09-27.
Nabeth, T. (2009). Identity of identity. In K. Rannenberg, D. Royer & A. Deuker (Eds.), The future of identity in the information society – challenges and opportunities (pp. 19–69). Berlin et al.: Springer.
Nabeth, T., & Hildebrandt, M. (Eds.) (2005). Deliverable D2.1: Inventory of topics and clusters. Frankfurt et al.: FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp2-del2.1_Inventory_of_topics_and_clusters.pdf. Accessed 2012-09-27.
Nabeth, T., Benoist, E., Anrig, B., Meints, M., Hansen, M., Gasson, M., & Warwick, K. (Eds.) (2005). Deliverable D2.3: Models. Frankfurt et al.: FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp2-del2.3.models.pdf. Accessed 2012-09-27.
Neubauer, T., Klemen, M., & Biffl, S. (2005). Business process-based valuation of IT-security. In K. Sullivan (Ed.), Proceedings of the seventh international workshop on economics-driven software engineering research (pp. 1–5). St. Louis: ACM Press.
Nowey, T., Federrath, H., Klein, C., & Plößl, K. (2005). Ansätze zur Evaluierung von Sicherheitsinvestitionen. In H. Federrath (Ed.), Sicherheit 2005: Sicherheit – Schutz und Zuverlässigkeit, Beiträge der 2. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.v. (GI), Regensburg, 5–8 Apr 2005 (Lecture notes on informatics (LNI), Vol. 62, pp. 15–26). Gesellschaft für Informatik (GI).
Nunamaker, J. F. J., Chen, M., & Purdin, T. D. (1991). Systems development in information systems research. Journal of Management Information Systems, 7(3), 89–106.
Okujava, S., & Remus, U. (2006). Wirtschaftlichkeit von Unternehmensportalen. IT – Information Technology, 48(2), 99–111.
Olivier, M. S. (2009). Information technology research – a practical guide for computer science and informatics (2nd ed.). Pretoria: Van Schaik.
Österle, H., Becker, J., Frank, U., Hess, T., Karagiannis, D., Krcmar, H., Loos, P., Mertens, P., Oberweis, A., & Sinz, E. J. (2010). Memorandum zur gestaltungsorientierten Wirtschaftsinformatik. In H. Österle, R. Winter & W. Brenner (Eds.), Gestaltungsorientierte Wirtschaftsinformatik: Ein Plädoyer für Rigor und Relevanz (pp. 1–6). Nürnberg: Infowerk ag. Also available at: http://www.wirtschaftsinformatik.or.at/fileadmin/DKEHP/Repository/Memorandum__GWI_2010-03-08.pdf. Accessed 2012-09-27.
Pashalidis, A., & Mitchell, C. J. (2003). A taxonomy of single sign-on systems. In R. Safavi-Naini & J. Seberry (Eds.), Information security and privacy, 8th Australasian conference, ACISP 2003, Proceedings, Wollongong, Australia, 9–11 July 2003 (Lecture notes in computer science, Vol. 2727, pp. 249–264). Berlin/New York: Springer.
Peffers, K., Tuunanen, T., Rothenberger, M., & Chatterjee, S. (2008). A design science research methodology for information systems research. Journal of Management Information Systems (JMIS), 24(3), 45–77. Available at: http://www.sirel.fi/ttt/Downloads/Design%20Science%20Research%20Methodology%202008.pdf. Accessed 2012-09-27.
Perkins, E. L., & Allan, A. (2005). Consider identity and access management as a process, not a technology. Technical report G00129998, Gartner research.
Perkins, E., & Carpenter, P. (2009). The Gartner IAM program maturity model. Available at: http://www.slideshare.net/smooregartner/the-gartner-iam-program-maturity-model. Accessed 2012-09-27.
Pfadenhauer, M. (2005). Auf gleicher Augenhöhe reden: Das Experteninterview – ein Gespräch zwischen Experten und Quasi-Experten. In A. Bogner, B. Littig & W. Menz (Eds.), Das Experteninterview – Theorie, Methode, Anwendung (2nd ed., pp. 113–130). Wiesbaden: Verlag für Sozialwissenschaften.
Pfitzinger, E. (2009). Projekt DIN EN ISO 9001:2008 (2nd ed.). Berlin et al.: DIN Deutsches Institut für Normierung e.V. Beuth Verlag GmbH.
Pfitzmann, B. (2004). Privacy in enterprise identity federation – policies for liberty 2 single sign on. Information Security Technical Report, 9(1), 45–58.
Pisello, T. (2001). Return on investment for information technology providers. New Canaan: Information Economics Press.
Pohlmann, N. (2006). Wie wirtschaftlich sind IT-Sicherheitsmaßnahmen? HMD - Praxis Wirtschaftsinformatik, 248, 26–34.
Poon, P., & Wagner, C. (2001). Critical success factors revisited: Success and failure cases of information systems for senior executives. Decision Support Systems (DSS), 30, 393–418.
Potthof, I. (1998). Kosten und Nutzen der Informationsverarbeitung: Analyse und Beurteilung von Investitionsentscheidungen. Wiesbaden: DUV/Gabler.
Power, D. J. (2001). Supporting decision-makers: An expanded framework. Available at: http://dssresources.com/papers/supportingdm/PowerEBKSupp.pdf. Accessed 2012-09-27.
Power, D. J. (2004). Specifying an expanded framework for classifying and describing decision support systems. Communications of the Association for Information Systems (CAIS), 13(13), 158–166.
Power, D. J. (2009). A brief history of decision support systems. Available at: http://dssresources.com/history/dsshistory.html. Accessed 2012-09-27.
PRINCE2 Project (2010). PRINCE2 – PRojects IN Controlled Environments (2nd ed.). Available at: http://www.prince2.com. Accessed 2012-09-27.
Purser, S. A. (2004). Improving the ROI of the security management process. Computers & Security, 23(6), 542–546.
Rannenberg, K. (2000). Mehrseitige Sicherheit – Schutz für Unternehmen und ihre Partner im Internet. Wirtschaftsinformatik, 42(6), 489–498.
Rannenberg, K., Royer, D., & Deuker, A. (2009). The future of identity in the information society: Challenges and opportunities. Heidelberg et al.: Springer.
Ricoeur, P. (1980). Oneself as another. Chicago, IL: The University of Chicago Press.
Riepl, L. (1998). TCO versus ROI. Information Management, 13(2), 7–12.
Rosenquist, M. (2007). Measuring the return on IT security investments (Intel Whitepaper). Technical report, Intel Corporation.
Rossnagel, H., & Royer, D. (2005). Investing in security solutions – can qualified electronic signatures be profitable for mobile operators. In Association for Information Systems (AIS) (Ed.), Proceedings of the 11th Americas conference on information systems (AMCIS), Omaha, Nebraska (pp. 3248–3257).
Roussos, G., Peterson, D., & Patel, U. (2003). Mobile identity management: An enacted view. International Journal of Electronic Commerce, 8(1), 81–100.
Royer, D. (2008a). Assessing the value of enterprise identity management (EIdM) – towards a generic evaluation approach. In E. R. Weippl, G. Quirchmayr & J. Slay (Eds.), Proceedings of the 3rd international conference on availability, reliability and security (ARES 2008 – the international dependability conference) (pp. 779–786). Barcelona: IEEE Press.
Royer, D. (2008b). Enterprise identity management – What’s in it for organisations? In S. Fischer-Huebner, P. Duquenoy, A. Zuccato & L. Martucci (Eds.), Proceedings of the IFIP/FIDIS summer school on “The future of identity in the information society” (Lecture notes on informatics (LNI), pp. 403–416). Berlin et al.: Springer.
Royer, D. (2008c). Ganzheitliche Bewertung von Enterprise Identity Management Systemen – Der Ansatz der Balanced Scorecard als taktisches Entscheidungsunterstützungsinstrument. In A. Alkassar & J. Siekmann (Eds.), Sicherheit 2008 – 4. Jahrestagung Fachbereich Sicherheit der Gesellschaft für Informatik, Saarbrücken, Germany (pp. 449–460). Gesellschaft für Informatik (GI).
Royer, D. (2010). Supporting decision making for enterprise identity management – an explanatory model for describing the relevant impacts. In P. M. Alexander, M. Turpin & J. P. van Deventer (Eds.), 18th European conference on information systems 2010 (ECIS 2010), Pretoria, Republic of South Africa. Association for Information Systems (AIS).
Royer, D., & Meints, M. (2008). Planung und Bewertung von Enterprise Identity Managementsystemen. Datenschutz und Datensicherheit (DuD), 32(3), 189–193.
Royer, D., & Meints, M. (2009). Enterprise identity management – towards a decision support framework based on the balanced scorecard approach. Business & Information Systems Engineering (BISE), 1(3), 245–253. Also available in German in: Wirtschaftsinformatik (WI), 51(3), 284–294.
Royer, D., & Rannenberg, K. (2006). Mobilität, mobile Technologie und Identität. Datenschutz und Datensicherheit (DuD), 30(9), 571–575.
Roztocki, N., & Weistroffer, H. R. (2007). Identifying success factors for information technology investments: contribution of activity based costing. In H. Österle, J. Schelp & R. Winter (Eds.), 15th European conference on information systems 2007 (ECIS 2007), St. Gallen, Switzerland (pp. 1031–1040). AIS.
Ryan, J. J. C. H., & Ryan, D. J. (2006). Expected benefits of information security investments. Computers & Security, 25(8), 579–588.
Ryan, S. D., Harrison, D. A., & Schkade, L. L. (2002). Information-technology investment decisions: When do costs and benefits in the social subsystem matter? Journal of Management Information Systems, 19, 85–127.
Satchell, C., Shanks, G., Howard, S., & Murphy, J. (2006). Knowing me, knowing you: End user perceptions of identity management systems. In J. Ljungberg & M. Andersson (Eds.), 14th European conference on information systems 2006 (ECIS 2006), Goteborg, Sweden (pp. 795–806). Association for Information Systems (AIS).
Schienmann, B. (2002). Kontinuierliches Anforderungsmanagement – Prozesse, Techniken, Werkzeuge. München et al.: Addison-Wesley.
Schmeh, K., & Uebelacker, H. (2004). Sicherheit, die sich rechnet – Return-on-Investment in der IT-Security. Available at: http://www.heise.de/tp/r4/artikel/18/18954/1.html. Accessed 2012-09-27.
Schröder, H., & Kesten, R. (2006). Ein Vorgehensmodell zur Nutzenbewertung von IT-Investitionen. Information Management & Consulting, 21(4), 63–68.
Schumann, M. (1993). Wirtschaftlichkeitsbeurteilung für IV-Systeme. Wirtschaftsinformatik (WI), 35(2), 167–178.
Schwaber, K., & Sutherland, J. (2010). SCRUM Guide. Scrum.org. Available at: http://www.scrum.org/storage/scrumguides/Scrum%20Guide.pdf. Accessed 2012-09-27.
Sharp, H., Finkelstein, A., & Galal, G. (1999). Stakeholder identification in the requirements engineering process. In DEXA ’99: Proceedings of the 10th international workshop on database expert systems applications, Washington, DC, USA (p. 387). IEEE Computer Society.
Shim, J. P., Warkentin, M., Courtney, J. F., Power, D. J., Sharda, R., & Carlsson, C. (2002). Past, present, and future of decision support technology. Decision Support Systems (DSS), 33(2), 111–126.
Simon, H. A. (1960). The new science of management decision. New York: Harper.
Simon, H. (1996). The sciences of the artificial (3rd ed.). Cambridge: MIT Press.
Siponen, M. T., & Oinas-Kukkonen, H. (2007). A review of information security issues and respective research contributions. The DATA BASE for Advances in Information Systems, 38(1), 60–80.
Siponen, M. T., & Willison, R. (2010). A critical assessment of IS security research between 1990–2004. In H. Österle, J. Schelp & R. Winter (Eds.), 15th European conference on information systems 2007 (ECIS 2007), St. Gallen, Switzerland (pp. 1551–1559). Association for Information Systems (AIS).
Small, M. (2004). Business and technical motivation for identity management. Information Security Technical Report, 9(1), 6–21.
Solheim, J. A., & Rowland, J. H. (1993). An empirical study of testing and integration strategies using artificial software systems. IEEE Transactions on Software Engineering, 19(10), 941–949.
Sommerville, I. (2006). Software engineering (8th ed.). Redwood City: Addison Wesley.
Sommerville, I., & Sawyer, P. (1997). Requirements engineering – a good practice guide. Chichester et al.: Wiley.
Sonnenreich, W., Albanese, J., & Stout, B. (2006). Return on security investment (ROSI) – a practical quantitative model. Journal of Research and Practice in Information Technology, 38(1), 45–56.
Sprague, R. H., Jr. (1980). A framework for the development of decision support systems. MIS Quarterly, 4(4), 1–26.
Stefanou, C. J. (2002). A framework for the ex-ante evaluation of ERP software. European Journal of Information Systems, 10(4), 204–215.
Tsolkas, A., & Schmidt, K. (2010). Rollen- und Berechtigungskonzepte (<kes>). Wiesbaden: Vieweg + Teubner Verlag.
Turban, E., & Aronson, J. E. (1998). Decision support and business intelligence systems (5th ed.). Upper Saddle River: Prentice-Hall, Inc.
Uwizeyemungu, S., & Raymond, L. (2009). Exploring an alternative method of evaluating the effects of ERP: A multiple case study. Journal of Information Technology (JIT), 24(3), 251–268.
V-Modell Project (2006). The V-modell XT – release 1.3. Koordinierungs- und Beratungsstelle der Bundesregierung für Informationstechnik in der Bundesverwaltung (KBSt), Berlin. Available at: http://v-modell.iabg.de/dmdocuments/V-Modell-XT-Gesamt-Englisch-V1.3.pdf. Accessed 2012-09-27.
Vaishnavi, V. K., & Kuechler, W. (2008). Design science research methods and patterns – innovating information and communication technology. Boca Raton: Auerbach Publications.
Walsham, G. (2006). Doing interpretive research. European Journal of Information Systems, 15(3), 320–330.
Walter, S. G., & Spitta, T. (2004). Approaches to the ex-ante evaluation of investments into information systems. Wirtschaftsinformatik, 46(3), 171–180.
Wan, Z., Fang, Y., & Wade, M. (2007). A ten-year Odyssey of the “IS productivity paradox” – a citation analysis (1996–2006). In Association for Information Systems (AIS) (Ed.), Proceedings of the 13th Americas conference on information systems (AMCIS), Keystone, Colorado.
Ward, J., De Hertogh, S., & Viaene, S. (2007). Managing benefits from IS/IT investments: An empirical investigation into current practice. In HICSS – 40th Hawaii international conference on systems science (HICSS-40 2007), Waikoloa, Big Island, HI, USA, 3–6 Jan 2007 (p. 206). IEEE Computer Society.
Weber, R. (2004). The rhetoric of positivism versus interpretivism: A personal view. MIS Quarterly, 28(1), iii–xii.
Windley, P. J. (2005). Digital identity. Sebastopol et al.: O’Reilly.
Winter, R. (2008). Design science research in Europe. European Journal of Information Systems (EJIS), 17(5), 470–475.
Witty, R. J., Allan, A., Enck, J., & Wagner, R. (2003). Identity and access management defined. Research Study SPA-21-3430, Gartner.
Yayla, A. A., & Hu, Q. (2010). The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology (AOP), 25, 1–18. Available at: http://dx.doi.org/10.1057/jit.2010.4. Accessed 2012-09-27.
Yin, R. K. (2003). Case study research – design and methods (Applied social research methods series, 3rd ed., Vol. 5). Thousand Oaks et al.: Sage.
Yue, W. T., Cakanyildirim, M., Ryu, Y. U., & Dengpan, L. (2007). Network externalities, layered protection and IT security risk management. Decision Support Systems (DSS), 44(1), 1–16.
Zangemeister, C. (1976). Nutzwertanalyse in der Systemtechnik – Methodik zur multidimensionalen Bewertung und Auswahl von Projektalternativen (4th ed.). Hamburg: Zangemeister.
Zeitler, N. (2009). Identity and access management zu teuer und komplex. Available at: http://www.cio.de/882970. Accessed 2012-09-27.
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Royer, D. (2013). Empirical Evaluation of the Theoretical Model. In: Enterprise Identity Management. Progress in IS. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35040-5_7
DOI: https://doi.org/10.1007/978-3-642-35040-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35039-9
Online ISBN: 978-3-642-35040-5
eBook Packages: Business and Economics, Business and Management (R0)