=Paper=
{{Paper
|id=Vol-2966/preface
|storemode=property
|title=None
|pdfUrl=https://ceur-ws.org/Vol-2966/preface.pdf
|volume=Vol-2966
|authors=Stephan Kühnel,Stefan Sackmann,Simon Trang
}}
==None==
Preface to the First International Workshop on Current Compliance Issues in Information Systems Research

Stephan Kühnel¹, Stefan Sackmann¹, Simon Trang²

¹ Martin Luther University Halle-Wittenberg, 06108 Halle (Saale), Germany, {stephan.kuehnel, stefan.sackmann}@wiwi.uni-halle.de

² Universität Goettingen, 37073 Goettingen, Germany, simon.trang@wiwi.uni-goettingen.de

===1 General Description of the CIISR Workshop===

"Compliance" refers to rule adherence, i.e., acting in accordance with applicable rules originating from various sources, including laws, standards, contracts, guidelines, etc. [1, 2]. Compliance has been a relevant topic in Information Systems Research (ISR) for several decades, whose initial focus was primarily on the (semi-)automated support in ensuring and validating rule conformity [3–5]. Nowadays, compliance is approached from a variety of different perspectives. As part of information security management, for instance, it is examined which operational compliance measures result in desired employee behavior [6, 7]. In the context of cloud computing, for instance, it is examined how compliance with service level agreements can be ensured in hybrid cloud architectures [8, 9]. And in the context of business process management, for instance, it is examined how the compliance of business processes can be ensured sustainably and economically in digitalized and electronic markets [10–12].

The first International Workshop on Current Compliance Issues in Information Systems Research (CIISR 2021) was intended as a prelude to an exchange format that will enable a continuous interchange of scientists and also practitioners in this field. The workshop took place on March 9th, 2021, in conjunction with the 16th International Conference on Wirtschaftsinformatik (WI 2021). Based on the conference's main theme – "Innovation through Information Systems - Business & Information Systems Engineering as a Future-Oriented Discipline" – the CIISR workshop discussed current compliance issues with high relevance to the ISR area.

16th International Conference on Wirtschaftsinformatik, March 2021, Essen, Germany. Copyright © 2021 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

===2 Submission and Paper Selection===

We invited the scientific community to submit discussion papers and also research results as contributions to the CIISR 2021 workshop. Submissions in numerous subject areas interfacing with compliance were welcome, such as ensuring compliance with information security policies, compliance issues in the context of clouds, ensuring business process compliance, current IT compliance issues, and – for a given current occasion – the impact of the COVID-19 pandemic on compliance in the ISR environment. We called for contributions from the above-mentioned topics that can be assigned to one of the following three submission types:

1. Completed research papers/completed practical reports: This submission type includes both advanced research with at least partial evaluation and comprehensive practical contributions.

2. Short papers (research in progress papers/short practical reports): Short papers represent ongoing research or ongoing practical projects. In addition to presenting initial results, these papers should also include an outlook on further research or project progress, including planned future work steps.

3. Extended abstracts: Extended abstracts present and discuss high-quality results of already published contributions (or dissertations/postdoctoral theses) relevant to the workshop topic.

In the submission version, completed research papers and practical reports must not exceed 12 pages, short papers must not exceed six pages, and extended abstracts must not exceed four pages, including title, abstract, bibliography, author details, and acknowledgments. Possible appendices are not included in the pagination.

Each paper submitted to the workshop underwent a rigorous double-blind review by at least two reviewers and was evaluated for five criteria: 1) quality of content, 2) significance for theory and practice, 3) originality and level of innovativeness, 4) fitting to the workshop theme, and 5) quality of presentation. The three workshop chairs subsequently discussed the review results of each paper, resulting in a decision of acceptance or rejection. A total of seven papers were submitted to the workshop, of which four were accepted as full papers and one as a short paper. Accordingly, the acceptance rate of full papers was 57 %.

===3 CIISR 2021 Workshop Papers===

In line with the WI 2021, the CIISR 2021 workshop was held completely online. Despite its virtual form, we are pleased to report that it was well received by the research community. 42 conference attendees were registered for the workshop, and finally, more than 50 attended. The CIISR 2021 workshop and the CIISR 2021 workshop proceedings at hand contain six contributions, including one paper on the keynote speech of the workshop chairs, the four accepted full papers, and one accepted short paper:

1. The paper "Towards a Business Process-based Economic Evaluation and Selection of IT Security Measures" accompanies the keynote and particularly focuses on the ProBITS project, which has been funded by the German Federal Ministry of Education and Research (BMBF) since April 2021 and deals with the economic assessment and analysis of IT security measures in business processes.

2. The full paper "Analysis of Public Cloud Service Level Agreements – An Evaluation of Leading Software as a Service Providers" by Michael Seifert analyses compliance in the context of cloud computing. His research is devoted to comparing service level agreements and reducing their heterogeneity. In this context, the paper also sheds light on the management of compliance with agreed-upon requirements.

3. The full paper "Software Compliance in Different Industries: A Systematic Literature Review" by Mohammed Mubarkoot and Joern Altmann analyses compliance of software and software services. Based on a systematic literature review, existing frameworks of software compliance management are identified and compared to the needs of different industries. The results show heterogeneity in terms of approaches and industries, especially regarding priorities, specifics, and compliance requirements, so further research seems to be vital.

4. The full paper "Reviewing the Interrelation Between Information Security and Culture: Toward an Agenda for Future Research" by Sebastian Hengstler and Natalya Pryazhnykova is dedicated to analyzing the relevance of culture to information security on different levels. Their results show that cultural aspects are relevant in different areas of information security, namely in information security governance, in awareness programs, in its influence on compliance behavior, and when designing an organizational security culture. They propose to further analyze the connection between culture and information security in the light of their identified research areas to better understand the impact of culture on security compliance.

5. The full paper "Culture Matters – A Cross-Cultural Examination of Information Security Behavior Theories" by Sebastian Hengstler empirically compares different theories for ensuring information security compliance behavior with respect to different cultures. Protection motivation and deterrence theory are tested in Germany, India, and the USA and compared by invariance tests and determination of predictive power. The conclusion suggests that taking a differentiated view on culture might improve information security policy compliance behavior in the future.

6. The short paper "MIA – A Method for Achieving Compliance in Flexible and IT Supported Business Processes" by Tobias Seyffarth presents a holistic framework for managing business process compliance in flexible environments. His research models relations between compliance requirements, business process activities, and underlying IT components. Thus, the approach allows interesting analyses of these relations, especially when changes become necessary.

===4 Organization and Acknowledgement===

The main person responsible for the workshop was Dr. Stephan Kühnel (general workshop and web chair), who was supported by Prof. Dr. Stefan Sackmann and Prof. Dr. Simon Trang (workshop co-chairs). Stephan Kühnel and Stefan Sackmann are researchers in the field of business process management at the Chair for Information Systems, esp. Business Information Management at the Martin Luther University Halle-Wittenberg. Both are actively researching in the field of economic evaluation of business process compliance and security. Simon Trang is a researcher in the field of information security management and holds the Chair for Information Security and Compliance at the Georg August University of Goettingen. His research focuses on the economic aspects of information security measures and human aspects of information security.

Although the number of submissions to the workshop was manageable, establishing a new workshop in the community would not have been possible without the help of others. Thus, we are very thankful for all the support we received from the teams of the respective chairs. Furthermore, we are very thankful for all the support we got during the review process.
We were happy to have so many researchers supporting us in the program committee, namely (in alphabetic order of the last name): Michael Fellmann (University of Rostock, Germany), Barbara Gallina (Maelardalen University, Sweden), Nadine Guhr (Leibniz University Hannover, Germany), Simon Hacks (KTH Royal Institute of Technology Stockholm, Sweden), Martin Schultz (HAW University of Applied Sciences Hamburg, Germany), Michael Seifert (GISA GmbH, Germany), Tobias Seyffarth (Martin Luther University Halle-Wittenberg, Germany), Frank Teuteberg (Osnabrueck University, Germany), and Nils Urbach (University of Bayreuth, Germany). In addition, we thank Peter Hofmann (University of Bayreuth, Germany) and Sebastian Hengstler (Georg August University of Goettingen, Germany) for their work as (sub)reviewers. Last but not least, our thanks also belong to Sebastian Lindner (Martin Luther University Halle-Wittenberg, Germany) for his work as a web co-chair and to the WI 2021 team for their support in organizational and technical matters.

===References===

1. Becker, J., Delfmann, P., Dietrich, H.-A., Steinhorst, M., Eggert, M.: Business Process Compliance Checking – Applying and Evaluating a generic Pattern Matching Approach for Conceptual Models in the Financial Sector. Information Systems Frontiers 18, pp. 359–405, (2016).

2. Rinderle-Ma, S., Ly, L.T., Dadam, P.: Business Process Compliance (Aktuelles Schlagwort). EMISA Forum, pp. 24–29, (2008).

3. Sackmann, S., Kuehnel, S., Seyffarth, T.: Using Business Process Compliance Approaches for Compliance Management with Regard to Digitization: Evidence from a Systematic Literature Review. In: Weske M., Montali M., Weber I., vom Brocke J. (eds) Business Process Management. BPM 2018. Lecture Notes in Computer Science, vol 11080. Springer, Cham, pp. 409–425, (2018).

4. Fellmann, M., Zasada, A.: State-of-the-art of Business Process Compliance Approaches: A Survey. Proceedings of the 22nd European Conference on Information Systems (ECIS'14), pp. 1–17, (2014).

5. Schultz, M.: Towards an Empirically Grounded Conceptual Model for Business Process Compliance. In: Ng W., Storey V.C., Trujillo J.C. (eds) Conceptual Modeling. ER 2013. Lecture Notes in Computer Science, vol 8217. Springer, Berlin, Heidelberg, pp. 138–145, (2013).

6. Trang, S., Brendel, B.: A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research. Information Systems Frontiers 21, pp. 1265–1284, (2019).

7. Lembcke, T.-B., Masuch, K., Trang, S., Hengstler, S., Plics, P., Pamuk, M.: Fostering Information Security Compliance: Comparing the Predictive Power of Social Learning Theory and Deterrence Theory. Americas Conference on Information Systems (AMCIS), (2019).

8. Xiaoyong, Y., Ying, L., Tong, J., Tiancheng, L., Zhonghai, W.: An Analysis on Availability Commitment and Penalty in Cloud SLA. In: Computer Software and Applications Conference (COMPSAC), pp. 914–919, (2015).

9. Morin, J.-H., Aubert, J., Gateau, B.: Towards Cloud Computing SLA Risk Management: Issues and Challenges. In: Sprague, R.H. (ed.) 45th Hawaii International Conference on System Sciences (HICSS); USA, 4–7 Jan. 2012, pp. 5509–5514, (2012).

10. Seyffarth, T., Kuehnel, S., Sackmann, S.: Business Process Compliance Despite Change: Towards Proposals for a Business Process Adaptation. In: Cappiello C., Ruiz M. (eds) Information Systems Engineering in Responsible Information Systems. CAiSE 2019. Lecture Notes in Business Information Processing, vol 350. Springer, Cham, pp. 227–239, (2019).

11. Kuehnel, S., Trang, S., Lindner, S.: Conceptualization, Design, and Implementation of EconBPC – A Software Artifact for the Economic Analysis of Business Process Compliance. In: Laender A., Pernici B., Lim EP., de Oliveira J. (eds) Conceptual Modeling. ER 2019. Lecture Notes in Computer Science, vol 11788. Springer, Cham, pp. 378–386, (2019).

12. Knuplesch, D., Reichert, M., Fdhila, W., Rinderle-Ma, S.: On Enabling Compliance of Cross-Organizational Business Processes. In: Daniel F., Wang J., Weber B. (eds) Business Process Management. Lecture Notes in Computer Science, vol 8094. Springer, Berlin, Heidelberg, pp. 146–154, (2013).