EIdM: Concepts, Technologies, and Application Fields

Enterprise Identity Management

Part of the book series: Progress in IS (PROIS)

Abstract

EIdM is one of the major challenges for organisations in the coming years. This is due to the fact that more and more access control-related identity data is processed and needs to be handled in an appropriate way. At the technological level, a variety of technologies that belong to the cluster of (E)IdM technologies can be identified. Among others, these include single-sign-on solutions, directory services, public-key infrastructures (PKI), and identity and access management systems (IAM).

“But if you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.” – Bruce Schneier, American cryptographer (1963)


Notes

  1. The term EIdM is used to represent any IdM technology being used in enterprise settings. For a more detailed definition, please refer to Sect. 3.2.3.
  2. Mezler-Andelberg (2008) and Windley (2005).
  3. Roussos et al. (2003, p. 82).
  4. Windley (2005, p. 3).
  5. As an illustration: Just for the term “identity”, a Google search yields about 613 million search results (as of September 27, 2012).
  6. Martucci (2009, p. 5) and Mezler-Andelberg (2008, p. 9).
  7. Nabeth (2009, p. 36).
  8. The concept of partial identities is further elaborated in Sect. 3.1.2.
  9. Nabeth (2009, p. 36).
  10. Ricoeur (1980).
  11. Hansen et al. (2003).
  12. Durand (2003).
  13. Ricoeur (1980).
  14. Nabeth (2009, pp. 24).
  15. Royer and Rannenberg (2006, p. 571).
  16. Such characteristics include, for example: a person’s name, marital status, date of birth, height, colour of skin or eyes, number of children, nationality, educational and professional qualifications, etc.
  17. Nabeth (2009, pp. 24).
  18. Nabeth and Hildebrandt (2005, p. 29).
  19. Nabeth (2009, p. XXX).
  20. Durand (2003).
  21. Nabeth and Hildebrandt (2005, pp. 19) and Nabeth (2009, pp. 40).
  22. Nabeth (2009, p. 40).
  23. Nabeth (2009, p. 41).
  24. Nabeth (2009, p. 41).
  25. There are various definitions being used for the term digital identity with different scopes (technical, legal, etc.), e.g., the definition by Cameron: “…digital identity is a set of claims made by one digital subject about itself or another digital subject.” (Cameron 2002). In this thesis, the definition in Rannenberg et al. will be used (Rannenberg et al. 2009, p. 530) as a reference.
  26. Nabeth (2009, p. 36).
  27. Satchell et al. (2006, p. 796). Similar categorisation approaches for identity attributes can be found in Nabeth (2009, pp. 44).
  28. Clauß and Köhntopp (2001, p. 206).
  29. Rannenberg et al. (2009, p. 505).
  30. Clauß and Köhntopp (2001, p. 206).
  31. A selection of alternative approaches for the identity life cycle concept, consisting of alternate process steps and sequences, can be found in: Meints and Royer (2008, p. 201), Mezler-Andelberg (2008, pp. 19), and Windley (2005, pp. 29).
  32. Meints and Royer (2008, p. 201).
  33. The need for privacy and anonymisation or deletion of identity data depends on the relevant compliance rules to be applied. However, in certain cases it is mandatory to store certain data (identity data, logs, etc.) for later audits for an extended amount of time, even after a person has left an organisation. Details are regulated in the individual compliance guidelines and rules to be followed, such as national and international data protection regimes, Sarbanes-Oxley Act (SoX), or Basel II.
  34. Windley (2005, p. 32).
  35. Meints and Royer (2008).
  36. Mezler-Andelberg (2008, pp. 7).
  37. Cf. Sect. 3.1.3.
  38. Based on Meints and Gasson (2009, pp. 130) and Hühnlein (2008, p. 163).
  39. Rannenberg et al. (2009, p. 504) and Windley (2005, pp. 29).
  40. Cf. Sect. 3.1.3.
  41. Baier (2005, p. 50).
  42. Adopted from Meints and Gasson (2009, pp. 130).
  43. Bauer et al. (2005, pp. 19).
  44. Hansen et al. (2004, p. 35).
  45. For the concept of communicational contexts, please refer to Hansen et al. (2006).
  46. Pfitzmann (2004, pp. 45).
  47. In user-centric IdM, users can manage their credentials and identities themselves. This includes free choice of roles and pseudonyms, the transfer of entitlements and credentials from one pseudonym to another pseudonym of the same person, and appropriate user interfaces.
  48. Bauer et al. (2005, p. 13).
  49. Meints and Gasson (2009, pp. 131).
  50. Cf. Table 3.1.
  51. Cf. Sect. 3.1.1.3.
  52. Meints and Zwingelberg (2009, pp. 17).
  53. The resulting timeline, focusing on the area of directory services, PKI, federated systems, standards, and miscellaneous aspects in the field of IdM, can be found in Meints and Zwingelberg (2009, pp. 17).
  54. Meints and Gasson (2009, p. 132).
  55. This includes classical IdM or EIdM as discussed in the context of this thesis. Cf. Sect. 3.2.2.
  56. In this regard, Bauer et al. mention products such as PGP or OpenSSL as belonging to this class (Bauer et al. 2005, pp. 23).
  57. Examples are web browsers.
  58. FIDIS IdMS Database (2009).
  59. Lopez et al. (2004, pp. 580).
  60. Cf. Sect. 3.1.1.3.
  61. Cf. Sect. 3.2.1 – especially Fig. 3.4.
  62. Cf. Table 3.1.
  63. Royer and Meints (2009) and Fig. 3.8.
  64. Royer and Meints (2008).
  65. For the technologies, see the framework of Flynn, depicted in Fig. 3.7.
  66. Meints and Gasson (2009, p. 133).
  67. Bernnat et al. (2010, pp. 68).
  68. Bernnat et al. (2010, pp. 65).
  69. Bernnat et al. (2010, p. 68).
  70. KPMG (2008, 2009) – In their study, KPMG interviewed 128 companies in 23 European countries from all relevant industrial sectors with regard to their IAM strategy.
  71. Zeitler (2009) – The statements are based on a security survey conducted by Forrester Research in Q3/2008 on 285 companies with more than 1,000 employees in the USA, France, England, and Germany.
  72. For further details on the methodology used in the expert interviews, please refer to Sect. 5.2. Furthermore, the interview guideline used for conducting the interviews can be found in Annex C.2.
  73. For example, Mezler-Andelberg (2008, pp. 167) and Small (2004, pp. 15).
  74. Similar goals for introducing IdM technologies were also identified in the 2008/2009 KPMG IAM studies (KPMG 2008, 2009) and in Zeitler (2009). Here, especially the goals towards governance, risk, and compliance and business-related goals were named as being most important.
  75. Royer (2008a, p. 780).
  76. V-Modell Project (2006).
  77. For example, Balzert (2001) or Sommerville (2006).
  78. PRINCE2 (PRojects IN Controlled Environments) is the 2nd edition of a process-based method for effective project management, which covers the management, control and organisation of a project (PRINCE2 Project 2010).
  79. Flieder (2008, p. 532) – In his article, Flieder focuses on IAM technology. However, the stated facts can also be transferred to EIdMS, which represents the superordinate technology category (Perkins and Allan 2005).
  80. A similar set of critical success criteria for IT implementations can be found in Ghasemzadeh and Archer (2000, p. 74).
  81. Regarding the importance of sponsorship of IT projects, Liu and Yetton give an overview of the effects from the customer’s and from the vendor’s point of view (Liu and Yetton 2010, pp. 56).
  82. In this regard, Dong et al. discuss the effects of resource, change, and vision sharing in top management support for the implementation of enterprise IS, in order to support project implementations in organisations (Dong et al. 2009, pp. 55).
  83. On the introduction of cross-functional teams in EIdM projects, see Royer (2008a, p. 781).
  84. Groß (2007).
  85. Extract, transform, and load (ETL) refers to processes in database usage involving the extraction of data from sources, transformation of the data to fit operational needs (including quality aspects), and loading of the data into the target database.
  86. Similar aspects regarding data quality in large-scale IdM infrastructure are discussed by Hommel et al. (2008, pp. 4).
  87. Groß (2007).
  88. In this regard, maturity assessment frameworks were mentioned, such as the maturity model by Perkins and Carpenter, which can help to assess the status quo with regard to governance, organisation, processes, etc. (Perkins and Carpenter 2009).
  89. Tsolkas and Schmidt (2010, pp. 181).
  90. On the topic of comparing various software introduction strategies, please refer to, e.g., Solheim and Rowland (1993, pp. 942).
  91. Moll et al. (2004, p. 422) – In this regard, Moll et al. recommend minimising a software project’s size and scope in order to succeed in executing a project.
  92. An overview of relevant theories regarding politics and resistance to IS is given in Markus (1983, pp. 431). Three basic types of theories are introduced: (1) theories that focus on the resistance due to internal factors of the users, (2) theories with regard to poor systems design, and finally, (3) theories that encompass the interactions between systems and the organisation itself.
  93. Similar effects are observed in a variety of different IS – e.g., Poon and Wagner observed resistance being a common cause for executive information systems (Poon and Wagner 2001, p. 386). Their findings regarding power shifts within a company can also be transferred to EIdMS.
  94. The available tools for the ex-ante evaluation of security and EIdM technology are presented and further discussed in Chap. 4.
  95. The identification of the relevant stakeholders refers to the evaluation guidelines laid out by Klecun and Cornford, especially the integration of all “interested groups and people” in the evaluation process, in order to integrate the critical-emancipatory cognitive interests. Furthermore, by integrating all relevant stakeholders, the context of an EIdM integration can be elucidated (Klecun and Cornford 2005, p. 236).
  96. Quote taken from interview 6-U-2106.
  97. Moll et al. (2004, p. 421) – Moll et al. count management support as one of the major success factors. This insight is based on two surveys, analysing software success factors, conducted by the Standish Group in 1994 and 2000 among 365 companies.
  98. Quote taken from interview 4-V-0506.
  99. Quote taken from interview 10-I-1108.

References

  • Akkermans, H. A., & Oorschot, K. E. (2005). A case study of balanced scorecard development using system dynamics. Journal of the Operational Research Society, 56(8), 931–941.

  • Akkermans, H. A., & van Oorschot, K. E. (2002). Developing a balanced scorecard with system dynamics. In Proceeding of the 2002 international system dynamics conference, Palermo, Italy.

  • Altmeier, J. (2006). Return on security investment am beispiel der business-applikation SAP. HMD – Praxis der Wirtschaftsinformatik, 248, 68–76.

  • Anthony, R. N. (1965). Planning and control systems; a framework for analysis [by] Robert N. Anthony. Boston: Division of Research, Graduate School of Business Administration, Harvard University.

  • Axelrod, C. W. (2008). Accounting for value and uncertainty in security metrics. Information Systems Control Journal, 2008(6), 25–29.

  • Bacon, C. J. (1992). The use of decision criteria in selecting information systems/technology investments. MIS Quarterly, 16(3), 335–353.

  • Baier, T. (2005). Persönliches digitales Identitätsmanagement. Universität Hamburg, Fachbereich Informatik, Verteilte Systeme und Informationssysteme. Available at: http://www.sub.uni-hamburg.de/opus/volltexte/2006/2746/pdf/TBaier-Diss-IDM.pdf. Accessed 2012-09-27.

  • Balzert, H. (2001). Lehrbuch der Software-Technik – Software-Management, Software-Qualitätssicherung, Unternehmensmodellierung (2nd ed.). Lehrbücher der Informatik. Heidelberg et al.: Spektrum Akademischer Verlag.

  • Bamberg, G., Coenenberg, A. G., & Krapp, M. (2008). Betriebswirtschaftliche entscheidungslehre (14th ed.). Vahlens Kurzlehrbücher. München: Vahlen.

  • Banker, R. D., Chang, H., & Kao, Y.-C. (2010). Evaluating cross-organizational impacts of information technology an empirical analysis. European Journal of Information Systems, 19(2), 153–167.

  • Baschin, A. (2001). Die Balanced Scorecard für Ihren IT-Bereich: ein Leitfaden für Aufbau und Einführung. Frankfurt/Main: Campus-Verlag.

  • Baschin, A., & Steffen, A. (2001). IT-controlling mit der balanced scorecard. Zeitschrift für Controlling u. Management, 45(6), 367–371.

  • Bauer, M., Meints, M., & Hansen, M. (Eds.) (2005). Deliverable D3.1: Structured overview on prototypes and concepts of identity management systems. FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp3-del3.1.overview_on_IMS.final.pdf. Accessed 2012-09-27.

  • Becker, J. (2008). Ein Plädoyer für die gestaltungsorientierte Wirtschaftsinformatik. In R. Jung & T. Myrach (Eds.), Quo vadis Wirtschaftsinformatik? (pp. 3–21). Wiesbaden: Gabler.

  • Becker, J. (2010). Prozess der gestaltungsorientierten Wirtschaftsinformatik. In H. Österle, R. Winter & W. Brenner (Eds.), Gestaltungsorientierte Wirtschaftsinformatik: Ein Plädoyer für Rigor und Relevanz (pp. 13–17). Nürnberg: Infowerk ag.

  • Becker, J., & Niehaves, B. (2007). Epistemological perspectives on IS research: A framework for analysing and systematizing epistemological assumptions. Information Systems Journal, 17(2), 197–214.

  • Bedner, M., & Ackermann, T. (2010). Schutzziele der IT-sicherheit. Datenschutz und Datensicherheit (DuD), 34(5), 323–328.

  • Benamati, J., & Lederer, A. L. (2001). How IT organizations handle rapid IT change: Five coping mechanisms. Information Technology and Management, 2(1), 95–112.

  • Benamati, J., Lederer, A. L., & Singh, M. (1997). Changing information technology and information technology management. Information Management, 31(5), 275–288.

  • Berghel, H. (2005). The two sides of ROI: Return on investment vs. risk of incarceration. Communications of the ACM, 48(4), 15–20.

  • Bernnat, R., Bauer, M., Zink, W., Bieber, N., & Jost, D. (2010). Die IT-sicherheitsbranche in Deutschland – Aktuelle lage und ordnungspolitische handlungsempfehlung. Bundesministerium für Wirtschaft und Technologie (BMWI). Available at: http://www.bmwi.de/BMWi/Redaktion/PDF/Publikationen/Studien/it-sicherheitsbranche-de-aktuelle-lage,property=pdf,bereich=bmwi,sprache=de,rwb=true.pdf. Accessed 2012-09-27.

  • Blohm, H., & Lüder, K. (1995). Investition, schwachstellenanalyse des investitionsbereichs und investitionsrechnung (8th ed.). Munich: Vahlen.

  • Bortz, J., & Döring, N. (2006). Forschungsmethoden und evaluation für human- und sozialwissenschaftler (4th ed.). Springer-Lehrbuch, Springer eBook Collection, Behavioral Science [Dig. Serial], Springer-11776 [Dig. Serial]. Berlin et al.: Springer.

  • Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A., & Boss, R. W. (2009). If someone is watching, I’ll do what I’m asked: Mandatoriness, control and information security. European Journal of Information Systems, 18(6), 151–164.

  • Brocke, J. v., Strauch, G., & Buddendick, C. (2007). Return on security investments – towards a methodological foundation of measurement systems. In Proceedings of the 13th Americas conference on information systems (AMCIS), Keystone, CO, USA. Association for Information Systems (AIS).

  • Brugger, R. (2005). Der IT business case – Kosten erfassen und analysieren Nutzen erkennen und quantifizieren wirtschaftlichkeit nachweisen und realisieren. Xpert.press, Springer eBook Collection, Computer Science [Dig. Serial], Springer-11774 [Dig. Serial]. Berlin et al.: Springer.

  • Bundesamt für Sicherheit in der Informationstechnik. (Ed.) (2008a). BSI standard 100-1 information security management systems (ISMS) (1.5 ed.). Bonn: Bundesamt für Sicherheit in der Informationstechnik (BSI). Available at: https://www.bsi.bund.de/cae/servlet/contentblob/471428/publicationFile/27993/standard_100-1_e_pdf.pdf. Accessed 2012-09-27.

  • Bundesamt für Sicherheit in der Informationstechnik. (Ed.) (2008b). BSI-standard 100-2: IT-Grundschutz methodology (1.5 ed.). Bonn: Bundesamt für Sicherheit in der Informationstechnik (BSI). Available at: https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/27994/standard_100-2_e_pdf.pdf. Accessed 2012-09-27.

  • Bundesamt für Sicherheit in der Informationstechnik. (Ed.) (2008c). BSI-standard 100-3: Risk analysis based on IT-Grundschutz (1.5 ed.). Bonn: Bundesamt für Sicherheit in der Informationstechnik (BSI). Available at: https://www.bsi.bund.de/cae/servlet/contentblob/471432/publicationFile/27992/standard_100-3_e_pdf.pdf. Accessed 2012-09-27.

  • Bundesamt für Sicherheit in der Informationstechnik. (2009). IT-Grundschutzhandbuch: Handbuch für die sichere Anwendung der Informationstechnik (11th ed.). Bonn: Bundesanzeiger. Available at: https://www.bsi.bund.de/cae/servlet/contentblob/478418/publicationFile/55550/it-grundschutz-kataloge_2009_EL11_de.pdf. Accessed 2012-09-27.

  • Burghardt, M. (2007). Einführung in Projektmanagement – Definition, Planung, Kontrolle, Abschluss (5th ed.). Erlangen: Publicis Corporate Publishing.

  • Burrell, G., & Morgan, G. (1979). Sociological paradigms and organisational analysis – elements of the sociology of corporate life. London et al: Ashgate.

  • Cameron, K. (2002). The laws of identity. Technical report, identityblog.com. Available at: http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf. Accessed 2012-09-27.

  • Carr, N. G. (2003). IT doesn’t matter. Harvard business review, 81(5), 41–49.

  • Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(7), 87–92.

  • Chan, F. K., & Thong, J. Y. (2009). Acceptance of agile methodologies: A critical review and conceptual framework. Decision Support Systems (DSS), 46(4), 803–814.

  • Clauß, S., & Köhntopp, M. (2001). Identity management and its support of multilateral security. Computer Networks, 37(2), 205–219.

  • CMMI Product Team. (2002). Capability maturity model integration (CMMI) – version 1.1. Pittsburgh: Carnegie Mellon University. Available at: http://www.sei.cmu.edu/reports/02tr012.pdf. Accessed 2012-09-27.

  • Cobbold, I. C., & Lawrie, G. J. G. (2002a). Classification of balanced scorecards based on their intended use. In Proceedings of the 3rd international conference on performance measurement and management (PMA 2002). Boston, MA: Performance Measurement Association (PMA).

  • Cobbold, I. C., & Lawrie, G. J. G. (2002b). The development of the balanced scorecard as a strategic management tool. In Proceedings of the 3rd international conference on performance measurement and management (PMA 2002). Boston, MA: Performance Measurement Association (PMA).

  • Cole, M., & Avison, D. (2007). The potential of hermeneutics in information systems research. European Journal of Information Systems, 16(6), 820–833.

  • Cole, R., Purao, S., Rossi, M., & Sein, M. (2005). Being proactive: Where action research meets design research. In D. E. Avison & D. F. Galletta (Eds.), ICIS – proceedings of the international conference on information systems, ICIS 2005, 11–14 Dec 2005, Las Vegas, NV, USA (pp. 325–336). Association for Information Systems.

  • Damianides, M. (2005). Sarbanes–Oxley and IT governance: New guidance on it control and compliance. Information Systems Management, 22(1), 77–85.

  • David, J. S., Schuff, D., & St. Louis, R. (2002). Managing your total IT cost of ownership. Communications of the ACM, 45(1), 101–106.

  • Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13, 319–339.

  • Davis, H. Z., Apple, S., & Cohn, G. (2008). Free lunches and ROI: A modern fable. Management Accounting Quarterly, 9(2), 16–25.

  • De Clercq, J. (2002). Single sign-on architectures. In InfraSec ’02: Proceedings of the international conference on infrastructure security (pp. 40–58). London: Springer.

  • Dhillon, G., & Backhouse, J. (2001). Current directions in IS security research: Towards socio-organizational perspectives. Information Systems Journal, 11(2), 127–153.

  • Dong, L., Neufeld, D. J., & Higgins, C. (2009). Top management support of enterprise systems implementations. Journal of Information Technology, 24(1), 55–80.

  • Dörner, W. (2003). IT-investitionen – investitionstheoretische Behandlung von Unsicherheit (Schriftenreihe innovative betriebswirtschaftliche Forschung und Praxis, Vol. 145). Hamburg: Verlag Dr. Kovač.

  • Downe-Wamboldt, B. (1992). Content analysis: Method, applications, and issues. Health Care for Women International, 13(3), 313–321.

  • Durand, A. (2003). Three phases of identity infrastructure adoption. Available at: http://blog.andredurand.com/?p=146. Accessed 2012-09-27.

  • Easterby-Smith, M., Thorpe, R., & Löwe, A. (2002). Management research (2nd ed.). London: Sage Publications Ltd.

  • Economist Intelligence Unit (2006). Complying with rules for identity management. London et al: The Economist Intelligence Unit. Available at: http://www.identrust.com/pdf/EIU_IdenTrust_Compliance.pdf. Accessed 2012-09-27.

  • Faisst, U., Prokein, O., & Wegmann, N. (2007). Modell zur dynamischen investitionsrechnung von IT-Sicherheitsmaßnahmen. Zeitschrift für Betriebswirtschaft, 77(5), 511–538.

  • Farahmand, F., Navathe, S. B., Sharp, G. P., & Enslow, P. H. (2005). A management perspective on risk of security threats to information systems. Information Technology and Management, 6(2–3), 203–225.

  • FIDIS IdMS Database (2009). FIDIS database on identity management systems. Available at: http://www.fidis.net/interactive/ims-db/. Accessed 2012-09-27.

  • Flieder, K. (2008). Identity- und access-management mit EAI-Konzepten und -technologien. Datenschutz und Datensicherheit (DuD), 32(8), 532–536.

  • Flynn, M. J. (2007). Enterprise identity services. Available at: http://360tek.blogspot.com/2006/07/enterprise-identity-services.html. Accessed 2012-09-27.

  • Franklin, C. J. (2002). The ABCs of ROI. Network Computing, 93–95.

  • Gaedke, M., Meinecke, J., & Nussbaumer, M. (2005). A modeling approach to federated identity and access management. In WWW ’05: Special interest tracks and posters of the 14th international conference on World Wide Web (pp. 1156–1157). New York: ACM.

  • Georges, P. M. (2000). The management cockpit – the human interface for management software – reviewing 50 user sites over 10 years of experience. Wirtschaftsinformatik, 42(2), 131–136.

  • Gericke, W., Thorleuchter, D., Weck, G., Reiländer, F., & Loß, D. (2009). Vertrauliche verarbeitung staatlich eingestufter information – die informationstechnologie im Geheimschutz. Informatik Spektrum, 32(2), 102–109.

  • Geschka, H., & Hammer, R. (1997). Die Szenario Technik in der strategischen Unternehmensplanung. In D. Hahn & B. Taylor (Eds.), Strategische Unternehmensplanung – strategische Unternehmensführung (7th ed., pp. 464–489). Heidelberg: Physica.

  • Ghasemzadeh, F., & Archer, N. P. (2000). Project portfolio selection through decision support. Decision Support Systems (DSS), 29, 73–88.

  • Gläser, J., & Laudel, G. (2006). Experteninterviews und qualitative Inhaltsanalyse als Instrumente rekonstruierender Untersuchungen (2nd ed.). Wiesbaden: VS, Verlag für Sozialwissenschaften.

  • Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438–457.

  • Gorry, G. A., & Scott Morton, M. S. (1971). A framework for management information systems. Sloan Management Review, 13(1), 55–71.

  • Greening, D. W., Barringer, B. R., & Macy, G. (1996). A qualitative study of managerial challenges facing small business geographic expansion. Journal of Business Venturing, 11(4), 233–256.

  • Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 30(3), 491–506.

  • Grob, H. L., Strauch, G., & Buddendick, C. (2008). Conceptual design of a method to support IS security investment decisions. In R. Kaschek, C. Kop, C. Steinberger & G. Fliedl (Eds.), Information systems and e-business technologies – 2nd international united information systems conference, UNISCON 2008, Klagenfurt, Austria, 22–25 Apr 2008 (Lecture notes in business information processing, Vol. 5, pp. 445–456). Berlin et al.: Springer.

  • Groß, M. (2007). In zehn Schritten zum identity-management. Available at: http://www.computerwoche.de/590967. Accessed 2012-09-27.

  • Grover, V., Lyytinen, K., Srinivasan, A., & Tan, N. C. (2008). Contributing to rigorous and forward thinking explanatory theory. Journal of the Association for Information Systems (JAIS), 9(2), 40–47.

  • Guida, R., Stahl, R., Bunt, T., Secrest, G., & Moorcones, J. (2004). Deploying and using public key technology: Lessons learned in real life. IEEE Security and Privacy, 2(4), 67–71.

  • Hall, J. A., & Liedtka, S. L. (2007). The Sarbanes–Oxley act: Implications for large-scale IT outsourcing. Communications of the ACM, 50(3), 95–100.

  • Halperin, R., & Backhouse, J. (2008). A roadmap for research on identity in the information society. Identity in the Information Society (JIDIS), 1(1), 1–12.

  • Hansen, M., Krasemann, H., Krause, C., Rost, M., & Genghini, R. (2003). Identity management systems (IMS): Identification and comparison. Technical report, Independent Centre for Privacy Protection (ICPP), Kiel (Germany). Study made for the Institute for Prospective Technological Studies – Joint Research Centre Seville (Spain). Available online at http://www.datenschutzzentrum.de/idmanage/study/ICPP_SNG_IMS-Study.pdf. Accessed 2012-09-27.

  • Hansen, M., Berlich, P., Camenisch, J., Clauß, S., Pfitzmann, A., & Waidner, M. (2004). Privacy-enhancing identity management. Information Security Technical Report, 9(1), 35–44.

  • Hansen, M., Meints, M., & Rost, M. (2006). Initial scenarios for mobile identity management. In D. Royer (Ed.), Collection of topics and clusters of mobility and identity – towards a taxonomy of mobility and identity, number D11.1 (pp. 20–28). FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp11-del11.1.mobility_and_identity.pdf. Accessed 2012-09-27.

  • Hatch, M. J. (1997). Organization theory – modern, symbolic, and postmodern perspectives. Oxford et al.: Oxford University Press.

  • Helfert, M., Foley, O., Ge, M., & Cappiello, C. (2009). Analysing the effect of security on information quality dimensions. In S. Newell, E. A. Whitley, N. Pouloudi, J. Wareham & L. Mathiassen (Eds.), 17th European conference on information systems, Verona, Italy (pp. 2785–2797).

  • Hensen, J. (2007). Online-Wörterbuch evaluation. Available at: http://www.evoluation.de/glossary. Accessed 2012-09-27.

  • Hevner, A. R., March, S. T., & Park, J. (2004). Design science in information systems research. MIS Quarterly, 28(1), 75–105.

  • Hitt, L. M., & Brynjolfsson, E. (1996). Productivity, business profitability, and customer surplus – three different measures of technology value. MIS Quarterly, 20(2), 121–142.

  • Hoepman, J.-H., Joosten, R., & Siljee, J. (2009). Comparing identity management frameworks in a business context. In V. Matyas, S. Fischer-Huebner, D. Cvrcek & P. Svenda (Eds.), Proceedings of the IFIP/FIDIS summer school on “The future of identity in the information society” (pp. 184–196). Berlin et al.: Springer.

  • Holten, R. (2007). Deriving an IS-theory from an epistemological position. In 18th Australasian conference on information systems, Toowoomba, 5–7 Dec 2007 (pp. 1–10). Toowoomba: University of Southern Queensland.

  • Holten, R., Dreiling, A., & Becker, J. (2005). Ontology-driven method engineering for information systems development. In P. Green & M. Rosemann (Eds.), Business systems analysis with ontologies (pp. 174–217). Hershey: Idea Group Publishing.

  • Hommel, W. (2007). Architektur- und Werkzeugkonzepte für föderiertes Identitäts-Management. Ph.D. thesis, Fakultät für Mathematik, Informatik und Statistik der Ludwig-Maximilians-Universität München. Available at: http://edoc.ub.uni-muenchen.de/7300/1/Hommel_Wolfgang.pdf. Accessed 2012-09-27.

  • Hommel, W., & Reiser, H. (2005). Federated identity management in business-to-business outsourcing. In B. Marques, T. Nebe & R. Oliveira (Eds.), Proceedings of the 12th annual workshop of HP OpenView University Association (HPOVUA 2005), Porto, Portugal (pp. 81–93).

    Google Scholar 

  • Hommel, W., Knittl, S., & Pluta, D. (2008). Strategy and tools for identity management and its process integration in the Munich scientific network. In 14th international conference of European University Information Systems (EUNIS 2008), Arhus, Denmark. Available at: http://eunis.dk/papers/p1.pdf. Accessed 2012-09-27.

  • Horváth, P. (2006). Controlling (Vahlens Handbücher der Wirtschafts- und Sozialwissenschaften, 10th ed.). München: Vahlen.

  • Hsieh, H.-F., & Shannon, S. E. (2005). Three approaches to qualitative content analysis. Qualitative Health Research, 15(9), 1277–1288.

  • Huberman, A. M., & Miles, M. B. (1983). Drawing valid meaning from qualitative data: Some techniques of data reduction and display. Quality and Quantity, 17(4), 281–339.

  • Hühnlein, D. (2008). Identitätsmanagement – Eine visualisierte Begriffsbestimmung. Datenschutz und Datensicherheit (DuD), 32(3), 161–163.

  • Jacobson, R. (1987). The validity of ROI as a measure of business performance. The American Economic Review, 77, 470–478.

  • Jonen, A., & Lingnau, V. (2007). Bewertung von IT-Investitionen – Einbezug von Werttreibern und Risiken. Controlling & Management (ZfCM), 51(4), 246–250.

  • Jonen, A., Lingnau, V., Müller, J., & Müller, P. (2004). Balanced IT-Decision-Card, Ein Instrument für das Investitionscontrolling von IT-Projekten. Wirtschaftsinformatik, 46(3), 196–203.

  • Kaplan, R. S., & Norton, D. P. (1996). The balanced scorecard: Translating strategy into action. Boston: Random House.

  • Kaplan, R. S., & Norton, D. P. (2004). Strategy maps – converting intangible assets into tangible outcomes. Boston: Harvard Business School Press.

  • Keil, M., Lyytinen, K., Cule, P. E., & Schmidt, R. C. (1998). A framework identifying software project risks. Communications of the ACM, 41(11), 76–83.

  • Klecun, E., & Cornford, T. (2005). A critical approach to evaluation. European Journal of Information Systems (EJIS), 14(3), 229–243.

  • Klinger, K. (2008). Identitätsmanagement – Steuerung von Provisionierungsprozessen auf Basis personalwirtschaftlicher Ereignisse. dissertation.de.

  • Kohm, M., & Morawski, J. (2009). Koma-Script: Eine Sammlung von Klassen und Paketen für LaTeX2ε (3rd ed.). Berlin: Edition dante by Lehmanns Media.

  • Koschinat, S., & Royer, D. (2010). Bewertung und Einordnung von Ansätzen zur ex-anten Evaluation von IT Sicherheitsinvestitionen. Working Report No. 1, Professur für M-Business, Uni Frankfurt, Frankfurt. Available at: http://www.m-chair.net. Accessed 2012-09-27.

  • KPMG (2008). KPMG’s 2008 European identity and access management survey. KPMG Netherlands. Available at: http://www.kpmg.cz/czech/images/but/0805_Identity-Access-Management-Survey.pdf. Accessed 2012-09-27.

  • KPMG (2009). KPMG’s 2009 European identity and access management survey. KPMG Netherlands. Available at: http://www.kpmg.fi/Binary.aspx?Section=174&Item=5738. Accessed 2012-09-27.

  • Krcmar, H. (1990). Informationsverarbeitungs-Controlling – Zielsetzung und Erfolgsfaktoren. IM Information Management, 5(3), 6–15.

  • Kütz, M. (Ed.) (2003). Kennzahlen in der IT – Werkzeuge für Controlling und Management. Heidelberg: dpunkt.verlag.

  • Laux, H. (2007). Entscheidungstheorie – und 12 Tabellen (Springer-Lehrbuch, 7th ed.). Berlin et al.: Springer.

  • Lee, A. S. (1989). A scientific methodology for MIS case studies. MIS Quarterly, 13(1), 33–50.

  • Lee, A. S. (1991). Integrating positivist and interpretive approaches to organizational research. Organisational Science, 4(2), 342–365.

  • Lee, A. S. (1999). Rigor and relevance in MIS research: Beyond the approach of positivism alone. MIS Quarterly, 23(1), 29–33.

  • Liu, L., & Yetton, P. (2010). Sponsorship and IT vendor management of projects. Journal of Information Technology, 25, 56–64.

  • Locher, C. (2005). Methodologies for evaluating information security investments – what basel II can change in the financial industry. In Proceedings of the 13th European conference on information systems, information systems in a rapidly changing economy, ECIS 2005, Regensburg, Germany, 26–28 May 2005.

  • Lopez, J., Oppliger, R., & Pernul, G. (2004). Authentication and authorization infrastructures (AAIs) – a comparative survey. Computers & Security, 23, 578–590.

  • Lopez, J., Oppliger, R., & Pernul, G. (2005). Why have public key infrastructures failed so far? Internet Research, 15(5), 544–556.

  • Lorenz, J. (2005). Der RoI sagt nur die halbe Wahrheit. COMPUTERWOCHE. Available at: http://www.computerwoche.de/569697. Accessed 2012-09-27.

  • Magnusson, C., Molvidsson, J., & Zetterqvist, S. (2007). Value creation and return on security investments (ROSI). In H. Venter, L. Labuschagne, J. Eloff & R. von Solms (Eds.), IFIP SEC 2007: New approaches for security, privacy and trust in complex environments (Vol. 232, pp. 25–35). Berlin et al.: Springer.

  • Mann, C. C. (2002). Homeland insecurity. The Atlantic Monthly. Available at: http://www.theatlantic.com/past/docs/issues/2002/09/mann.htm. Accessed 2012-09-27.

  • March, S. T., & Smith, G. F. (1995). Design and natural science research on information technology. Decision Support Systems (DSS), 15(4), 251–266.

  • Markus, M. L. (1983). Power, politics, and MIS implementation. Communications of the ACM, 26(6), 430–444.

  • Martin, L. (2007). Security is free. DMReview, 17(12), 16–17.

  • Martinsons, M., Davidson, R., & Tse, D. (1999). The balanced scorecard: A foundation for the strategic management of information systems. Decision Support Systems (DSS), 25(1), 71–88.

  • Martucci, L. A. (2009). Identity and anonymity in Ad Hoc networks. Ph.D. thesis, Karlstad University.

  • Mauterer, H., & Gemünden, H. G. (2002). Der Nutzen von ERP-Systemen – eine Analyse am Beispiel von SAP R/3 (DUV, Wirtschaftsinformatik, 1st ed.). Wiesbaden: Dt. Univ.-Verl.

  • Mayring, P. (2008). Qualitative Inhaltsanalyse – Grundlagen und Techniken (Beltz Pädagogik, 10th ed.). Weinheim et al.: Beltz.

  • Mayring, P., & Brunner, E. (2007). Qualitative Inhaltsanalyse. In R. Buber & H. H. Holzmüller (Eds.), Qualitative Marktforschung: Konzepte – Methoden – Analysen (pp. 669–680). Wiesbaden: Betriebswirtschaftlicher Verlag Dr. Th. Gabler/GWV Fachverlage GmbH.

  • Mayring, P., & Gläser-Zikuda, M. (2005). Die Praxis der qualitativen Inhaltsanalyse (UTB, Pädagogik, Psychologie, Vol. 8269). Weinheim et al.: Beltz.

  • Meints, M., & Gasson, M. N. (2009). High-tech ID and emerging technologies. In K. Rannenberg, D. Royer & A. Deuker (Eds.), The future of identity in the information society – challenges and opportunities (pp. 129–189). Berlin et al.: Springer.

  • Meints, M., & Royer, D. (2008). Der Lebenszyklus von Identitäten. Datenschutz und Datensicherheit (DuD), 32(3), 201.

  • Meints, M., & Zwingelberg, H. (Eds.) (2009). Deliverable D3.17: Identity management systems – recent developments. Frankfurt et al.: FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/new_deliverables3/fidis-wp3-del3.17_Identity_Management_Systems-recent_developments-final.pdf. Accessed 2012-09-27.

  • Mercuri, R. T. (2003). Analyzing security costs. Communications of the ACM, 46(6), 15–18.

  • Meyer, M., Zarnekow, R., & Kolbe, L. M. (2003). IT-Governance: Begriff, Status quo und Bedeutung. Wirtschaftsinformatik, 45(4), 445–448.

  • Mezler-Andelberg, C. (2008). Identity Management - eine Einführung - Grundlagen, Technik, wirtschaftlicher Nutzen. Heidelberg: Dpunkt.verlag.

  • Miles, M. B., & Huberman, A. M. (1994). Qualitative data analysis – an expanded sourcebook (2nd ed.). Thousand Oaks et al.: Sage.

  • Milis, K., & Mercken, R. (2004). The use of the balanced scorecard for the evaluation of information and communication technology projects. International Journal of Project Management, 22(2), 87–97.

  • Moll, K.-R., Broy, M., Pizka, M., Seifert, T., Bergner, K., & Rausch, A. (2004). Erfolgreiches Management von Software-Projekten. Informatik Spektrum, 27(5), 419–432.

  • Mooraj, S., Oyon, D., & Hostettler, D. (1999). The balanced scorecard: A necessary good or an unnecessary evil? European Management Journal, 17(5), 481–491.

  • Mott, J. D., & Granata, G. (2006). The value of teaching and learning technology: Beyond ROI. EDUCAUSE Quarterly, 29(2), 48–54.

  • Muntermann, J. (2007). Event-driven mobile financial information services. Germany: Deutscher Universitätsverlag.

  • Myers, M. D. (1997). Qualitative research in information systems. MIS Quarterly, 21(2), 241–242. Available at: http://www.misq.org/discovery/MISQD_isworld/. Accessed 2012-09-27.

  • Nabeth, T. (2009). Identity of identity. In K. Rannenberg, D. Royer & A. Deuker (Eds.), The future of identity in the information society – challenges and opportunities (pp. 19–69). Berlin et al.: Springer.

  • Nabeth, T., & Hildebrandt, M. (Eds.) (2005). Deliverable D2.1: Inventory of topics and clusters. Frankfurt et al.: FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp2-del2.1_Inventory_of_topics_and_clusters.pdf. Accessed 2012-09-27.

  • Nabeth, T., Benoist, E., Anrig, B., Meints, M., Hansen, M., Gasson, M., & Warwick, K. (Eds.) (2005). Deliverable D2.3: Models. Frankfurt et al.: FIDIS NoE. Available at: http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp2-del2.3.models.pdf. Accessed 2012-09-27.

  • Neubauer, T., Klemen, M., & Biffl, S. (2005). Business process-based valuation of IT-security. In K. Sullivan (Ed.), Proceedings of the seventh international workshop on economics-driven software engineering research (pp. 1–5). St. Louis: ACM Press.

  • Nowey, T., Federrath, H., Klein, C., & Plößl, K. (2005). Ansätze zur Evaluierung von Sicherheitsinvestitionen. In H. Federrath (Ed.), Sicherheit 2005: Sicherheit – Schutz und Zuverlässigkeit, Beiträge der 2. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.v. (GI), Regensburg, 5–8 Apr 2005 (Lecture notes on informatics (LNI), Vol. 62, pp. 15–26). Gesellschaft für Informatik (GI).

  • Nunamaker, J. F. J., Chen, M., & Purdin, T. D. (1991). Systems development in information systems research. Journal of Management Information Systems, 7(3), 89–106.

  • Okujava, S., & Remus, U. (2006). Wirtschaftlichkeit von Unternehmensportalen. IT – Information Technology, 48(2), 99–111.

  • Olivier, M. S. (2009). Information technology research – a practical guide for computer science and informatics (2nd ed.). Pretoria: Van Schaik.

  • Österle, H., Becker, J., Frank, U., Hess, T., Karagiannis, D., Krcmar, H., Loos, P., Mertens, P., Oberweis, A., & Sinz, E. J. (2010). Memorandum zur gestaltungsorientierten Wirtschaftsinformatik. In H. Österle, R. Winter & W. Brenner (Eds.), Gestaltungsorientierte Wirtschaftsinformatik: Ein Plädoyer für Rigor und Relevanz (pp. 1–6). Nürnberg: Infowerk ag. Also available at: http://www.wirtschaftsinformatik.or.at/fileadmin/DKEHP/Repository/Memorandum__GWI_2010-03-08.pdf. Accessed 2012-09-27.

  • Pashalidis, A., & Mitchell, C. J. (2003). A taxonomy of single sign-on systems. In R. Safavi-Naini & J. Seberry (Eds.), Information security and privacy, 8th Australasian conference, ACISP 2003, Proceedings, Wollongong, Australia, 9–11 July 2003 (Lecture notes in computer science, Vol. 2727, pp. 249–264). Berlin/New York: Springer.

  • Peffers, K., Tuunanen, T., Rothenberger, M., & Chatterjee, S. (2008). A design science research methodology for information systems research. Journal of Management Information Systems (JMIS), 24(3), 45–77. Available at: http://www.sirel.fi/ttt/Downloads/Design%20Science%20Research%20Methodology%202008.pdf. Accessed 2012-09-27.

  • Perkins, E. L., & Allan, A. (2005). Consider identity and access management as a process, not a technology. Technical report G00129998, Gartner research.

  • Perkins, E., & Carpenter, P. (2009). The Gartner IAM program maturity model. Available at: http://www.slideshare.net/smooregartner/the-gartner-iam-program-maturity-model. Accessed 2012-09-27.

  • Pfadenhauer, M. (2005). Auf gleicher Augenhöhe reden: Das Experteninterview – ein Gespräch zwischen Experten und Quasi-Experten. In A. Bogner, B. Littig & W. Menz (Eds.), Das Experteninterview – Theorie, Methode, Anwendung (2nd ed., pp. 113–130). Wiesbaden: Verlag für Sozialwissenschaften.

  • Pfitzinger, E. (2009). Projekt DIN EN ISO 9001:2008 (2nd ed.). Berlin et al.: DIN Deutsches Institut für Normierung e.V. Beuth Verlag GmbH.

  • Pfitzmann, B. (2004). Privacy in enterprise identity federation – policies for liberty 2 single sign on. Information Security Technical Report, 9(1), 45–58.

  • Pisello, T. (2001). Return on investment for information technology providers. New Canaan: Information Economics Press.

  • Pohlmann, N. (2006). Wie wirtschaftlich sind IT-Sicherheitsmaßnahmen? HMD - Praxis Wirtschaftsinformatik, 248, 26–34.

  • Poon, P., & Wagner, C. (2001). Critical success factors revisited: Success and failure cases of information systems for senior executives. Decision Support Systems (DSS), 30, 393–418.

  • Potthof, I. (1998). Kosten und Nutzen der Informationsverarbeitung: Analyse und Beurteilung von Investitionsentscheidungen. Wiesbaden: DUV/Gabler.

  • Power, D. J. (2001). Supporting decision-makers: An expanded framework. Available at: http://dssresources.com/papers/supportingdm/PowerEBKSupp.pdf. Accessed 2012-09-27.

  • Power, D. J. (2004). Specifying an expanded framework for classifying and describing decision support systems. Communications of the Association for Information Systems (CAIS), 13(13), 158–166.

  • Power, D. J. (2009). A brief history of decision support systems. Available at: http://dssresources.com/history/dsshistory.html. Accessed 2012-09-27.

  • PRINCE2 Project (2010). PRINCE2 – PRojects IN Controlled Environments (2nd ed.). Available at: http://www.prince2.com. Accessed 2012-09-27.

  • Purser, S. A. (2004). Improving the ROI of the security management process. Computers & Security, 23(6), 542–546.

  • Rannenberg, K. (2000). Mehrseitige Sicherheit – Schutz für Unternehmen und ihre Partner im Internet. Wirtschaftsinformatik, 42(6), 489–498.

  • Rannenberg, K., Royer, D., & Deuker, A. (2009). The future of identity in the information society: Challenges and opportunities. Heidelberg et al.: Springer.

  • Ricoeur, P. (1980). Oneself as another. Chicago, IL: The University of Chicago Press.

  • Riepl, L. (1998). TCO versus ROI. Information Management, 13(2), 7–12.

  • Rosenquist, M. (2007). Measuring the return on IT security investments (Intel Whitepaper). Technical report, Intel Corporation.

  • Rossnagel, H., & Royer, D. (2005). Investing in security solutions – can qualified electronic signatures be profitable for mobile operators. In Association for Information Systems (AIS) (Ed.), Proceedings of the 11th Americas conference on information systems (AMCIS), Omaha, Nebraska (pp. 3248–3257).

  • Roussos, G., Peterson, D., & Patel, U. (2003). Mobile identity management: An enacted view. International Journal of Electronic Commerce, 8(1), 81–100.

  • Royer, D. (2008a). Assessing the value of enterprise identity management (EIdM) – towards a generic evaluation approach. In E. R. Weippl, G. Quirchmyr & J. Slya (Eds.), Proceedings of the 3rd international conference on availability, reliability and security (ARES 2008 – the international dependability conference) (pp. 779–786). Barcelona: IEEE Press.

  • Royer, D. (2008b). Enterprise identity management – What’s in it for organisations? In S. Fischer-Huebner, P. Duquenoy, A. Zuccato & L. Martucci (Eds.), Proceedings of the IFIP/FIDIS summer school on “The future of identity in the information society” (Lecture notes on informatics (LNI), pp. 403–416). Berlin et al.: Springer.

  • Royer, D. (2008c). Ganzheitliche Bewertung von Enterprise Identity Management Systemen – Der Ansatz der Balanced Scorecard als taktisches Entscheidungsunterstützungsinstrument. In A. Alkassar & J. Siekmann (Eds.), Sicherheit 2008 – 4. Jahrestagung Fachbereich Sicherheit der Gesellschaft für Informatik, Saarbrücken, Germany (pp. 449–460). Gesellschaft für Informatik (GI).

  • Royer, D. (2010). Supporting decision making for enterprise identity management – an explanatory model for describing the relevant impacts. In P. M. Alexander, M. Turpin & J. P. van Deventer (Eds.), 18th European conference on information systems 2010 (ECIS 2010), Pretoria, Republic of South Africa. Association for Information Systems (AIS).

  • Royer, D., & Meints, M. (2008). Planung und Bewertung von Enterprise Identity Managementsystemen. Datenschutz und Datensicherheit (DuD), 32(3), 189–193.

  • Royer, D., & Meints, M. (2009). Enterprise identity management – towards a decision support framework based on the balanced scorecard approach. Business & Information Systems Engineering (BISE), 1(3), 245–253. Also available in German in: Wirtschaftsinformatik (WI), 51(3), 284–294.

  • Royer, D., & Rannenberg, K. (2006). Mobilität, mobile Technologie und Identität. Datenschutz und Datensicherheit (DuD), 30(9), 571–575.

  • Roztocki, N., & Weistroffer, H. R. (2007). Identifying success factors for information technology investments: contribution of activity based costing. In H. Österle, J. Schelp & R. Winter (Eds.), 15th European conference on information systems 2007 (ECIS 2007), St. Gallen, Switzerland (pp. 1031–1040). AIS.

  • Ryan, J. J. C. H., & Ryan, D. J. (2006). Expected benefits of information security investments. Computers & Security, 25(8), 579–588.

  • Ryan, S. D., Harrison, D. A., & Schkade, L. L. (2002). Information-technology investment decisions: When do costs and benefits in the social subsystem matter? Journal of Management Information Systems, 19, 85–127.

  • Satchell, C., Shanks, G., Howard, S., & Murphy, J. (2006). Knowing me, knowing you: End user perceptions of identity management systems. In J. Ljungberg & M. Andersson (Eds.), 14th European conference on information systems 2006 (ECIS 2006), Goteborg, Sweden (pp. 795–806). Association for Information Systems (AIS).

  • Schienmann, B. (2002). Kontinuierliches Anforderungsmanagement – Prozesse, Techniken, Werkzeuge. München et al.: Addison-Wesley.

  • Schmeh, K., & Uebelacker, H. (2004). Sicherheit, die sich rechnet – Return-on-Investment in der IT-Security. Available at: http://www.heise.de/tp/r4/artikel/18/18954/1.html. Accessed 2012-09-27.

  • Schröder, H., & Kesten, R. (2006). Ein Vorgehensmodell zur Nutzenbewertung von IT-Investitionen. Information Management & Consulting, 21(4), 63–68.

  • Schumann, M. (1993). Wirtschaftlichkeitsbeurteilung für IV-Systeme. Wirtschaftsinformatik (WI), 35(2), 167–178.

  • Schwaber, K., & Sutherland, J. (2010). SCRUM Guide. Scrum.org. Available at: http://www.scrum.org/storage/scrumguides/Scrum%20Guide.pdf. Accessed 2012-09-27.

  • Sharp, H., Finkelstein, A., & Galal, G. (1999). Stakeholder identification in the requirements engineering process. In DEXA ’99: Proceedings of the 10th international workshop on database expert systems applications, Washington, DC, USA (p. 387). IEEE Computer Society.

  • Shim, J. P., Warkentin, M., Courtney, J. F., Power, D. J., Sharda, R., & Carlsson, C. (2002). Past, present, and future of decision support technology. Decision Support Systems (DSS), 33(2), 111–126.

  • Simon, H. A. (1960). The new science of management decision. New York: Harper.

  • Simon, H. (1996). The sciences of the artificial (3rd ed.). Cambridge: MIT Press.

  • Siponen, M. T., & Oinas-Kukkonen, H. (2007). A review of information security issues and respective research contributions. The DATA BASE for Advances in Information Systems, 38(1), 60–80.

  • Siponen, M. T., & Willison, R. (2010). A critical assessment of IS security research between 1990–2004. In H. Österle, J. Schelp & R. Winter (Eds.), 15th European conference on information systems 2007 (ECIS 2007), St. Gallen, Switzerland (pp. 1551–1559). Association for Information Systems (AIS).

  • Small, M. (2004). Business and technical motivation for identity management. Information Security Technical Report, 9(1), 6–21.

  • Solheim, J. A., & Rowland, J. H. (1993). An empirical study of testing and integration strategies using artificial software systems. IEEE Transactions on Software Engineering, 19(10), 941–949.

  • Sommerville, I. (2006). Software engineering (8th ed.). Redwood City: Addison Wesley.

  • Sommerville, I., & Sawyer, P. (1997). Requirements engineering – a good practice guide. Chichester et al.: Wiley.

  • Sonnenreich, W., Albanese, J., & Stout, B. (2006). Return on security investment (ROSI) – a practical quantitative model. Journal of Research and Practice in Information Technology, 38(1), 45–56.

  • Sprague, R. H., Jr. (1980). A framework for the development of decision support systems. MIS Quarterly, 4(4), 1–26.

  • Stefanou, C. J. (2002). A framework for the ex-ante evaluation of ERP software. European Journal of Information Systems, 10(4), 204–215.

  • Tsolkas, A., & Schmidt, K. (2010). Rollen- und Berechtigungskonzepte (<kes>). Wiesbaden: Vieweg + Teubner Verlag.

  • Turban, E., & Aronson, J. E. (1998). Decision support and business intelligence systems (5th ed.). Upper Saddle River: Prentice-Hall, Inc.

  • Uwizeyemungu, S., & Raymond, L. (2009). Exploring an alternative method of evaluating the effects of ERP: A multiple case study. Journal of Information Technology (JIT), 24(3), 251–268.

  • V-Modell Project (2006). The V-modell XT – release 1.3. Koordinierungs- und Beratungsstelle der Bundesregierung für Informationstechnik in der Bundesverwaltung (KBSt), Berlin. Available at: http://v-modell.iabg.de/dmdocuments/V-Modell-XT-Gesamt-Englisch-V1.3.pdf. Accessed 2012-09-27.

  • Vaishnavi, V. K., & Kuechler, W. (2008). Design science research methods and patterns – innovating information and communication technology. Boca Raton: Auerbach Publications.

  • Walsham, G. (2006). Doing interpretive research. European Journal of Information Systems, 15(3), 320–330.

  • Walter, S. G., & Spitta, T. (2004). Approaches to the ex-ante evaluation of investments into information systems. Wirtschaftsinformatik, 46(3), 171–180.

  • Wan, Z., Fang, Y., & Wade, M. (2007). A ten-year Odyssey of the “IS productivity paradox” - a citation analysis (1996–2006). In Association for Information Systems (AIS) (Ed.), Proceedings of the 13th Americas conference on information systems (AMCIS), Keystone, Colorado.

  • Ward, J., De Hertogh, S., & Viaene, S. (2007). Managing benefits from IS/IT investments: An empirical investigation into current practice. In HICSS – 40th Hawaii international conference on systems science (HICSS-40 2007), Waikoloa, Big Island, HI, USA, 3–6 Jan 2007 (p. 206). IEEE Computer Society.

  • Weber, R. (2004). The rhetoric of positivism versus interpretivism: A personal view. MIS Quarterly, 28(1), iii–xii.

  • Windley, P. J. (2005). Digital identity. Sebastopol et al.: O’Reilly.

  • Winter, R. (2008). Design science research in Europe. European Journal of Information Systems (EJIS), 17(5), 470–475.

  • Witty, R. J., Allan, A., Enck, J., & Wagner, R. (2003). Identity and access management defined. Research Study SPA-21-3430, Gartner.

  • Yayla, A. A., & Hu, Q. (2010). The impact of information security events on the stock value of firms: The effect of contingency factors. Journal of Information Technology (AOP), 25, 1–18. Available at: http://dx.doi.org/10.1057/jit.2010.4. Accessed 2012-09-27.

  • Yin, R. K. (2003). Case study research – design and methods (Applied social research methods series, 3rd ed., Vol. 5). Thousand Oaks et al.: Sage.

  • Yue, W. T., Cakanyildirim, M., Ryu, Y. U., & Dengpan, L. (2007). Network externalities, layered protection and IT security risk management. Decision Support Systems (DSS), 44(1), 1–16.

  • Zangemeister, C. (1976). Nutzwertanalyse in der Systemtechnik – Methodik zur multidimensionalen Bewertung und Auswahl von Projektalternativen (4th ed.). Hamburg: Zangemeister.

  • Zeitler, N. (2009). Identity and access management zu teuer und komplex. Available at: http://www.cio.de/882970. Accessed 2012-09-27.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Royer, D. (2013). EIdM: Concepts, Technologies, and Application Fields. In: Enterprise Identity Management. Progress in IS. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35040-5_3
