Digital application marketplaces are increasingly relevant for digital platform owners seeking to reap the benefits of distributing, brokering, and operating applications by third-party developers. Owners of such marketplaces have two vital goals: address the needs of heterogeneous end-users and attract third-party developers. A key element in simultaneously accommodating these goals is value c...

At eSmart 2003, Kekicheff and Brewer [1] reported on the development of the GlobalPlatform Card Security Requirements Specification (CSRS) [2]. They pointed out not only that the CSRS presents a semi-formal security specification for the entire card platform, but also that it proposes a method for selecting the most appropriate card configuration based on risk analysis. Particular attention was...

This paper addresses the concept of model uncertainty within the context of risk analysis. Though model uncertainty is a topic widely discussed in the risk analysis literature, no consensus seems to exist on its meaning, how it should be measured, or its impact on the application of analysis results in decision processes. The purpose of this paper is to contribute to clarification. The first pa...

While security professionals have long talked about risk, moving an organization from a “security” mindset to one that thoughtfully considers information risk is a challenge. Managing information risk means building risk analysis into every business decision. In this panel, we will discuss how CISOs are working to move the conversation from security towards information risk. In particular, we w...

In order to explain how DIYbio knowledge and expertise is developed and shared the use of Practice Theory will help us gain a useful understanding of how working practices are sustained, reproduced and potentially changed. In addition, the development and sharing of thick, evocative, rich descriptions of these practices might contribute to the motivational knowledge of DIYbio practitioners.

Employees and/or functional managers increasingly adopt and use IT systems and services that the IS management of the organization does neither provide nor approve. To effectively counteract such shadow IT in organizations, the understanding of employees’ motivations and drivers is necessary. However, the scant literature on this topic primarily focused on various governance approaches at firm ...