Gerald Quirchmayr

E-Mail
Phone: +43 (1) 4277 39631
Fax: +43 (1) 4277 39649

Bio
Gerald Quirchmayr holds doctors degrees in computer science and law from Johannes Kepler University in Linz (Austria) and currently is Professor at the Department of Distributed and Multimedia Systems at the University of Vienna. In 2001/2002 he held a Chair in Computer and Information Systems at the University of South Australia. He first joined the University of Vienna in 1993 from the Institute of Computer Science at Johannes Kepler University in Linz (Austria) where he had previously been teaching. In 1989/1990 he taught at the University of Hamburg (Germany). His wide international experience ranges from the participation in international teaching and research projects, very often UN- and EU-based, several research stays at universities and research centres in the US and EU Member States to extensive teaching in EU staff exchange programs in the United Kingdom, Sweden, Finland, Germany, Spain, and Greece, as well as teaching stays in the Czech Republic and Poland. International teaching and specialist missions include UN-coordinated activities in Egypt, Russia and the Republic of Korea. He has served as a member of program committees of many international conferences, chaired several of them, has contributed as reviewer to scientific journals and has also served on editorial boards. He is a member of the Austrian and German computer societies and a member of IFIP working groups. For his contributions to the international IT community he was received the IFIP Silver Core Award in 1995. His major research focus is on information systems in business and government with a special interest in security, applications, formal representations of decision making and legal issues. His publication record comprises over 100 peer reviewed papers plus several edited books and conference proceedings as well as nationally and internationally published project reports. In July 2002 he was appointed as Adjunct Professor at the School of Computer and Information Science of the University of South Australia. Since January 2005 he heads the Department of Distributed and Multimedia Systems, Faculty of Computer Science, at the University of Vienna.

For more information please see http://www.cs.univie.ac.at/employee.php?eid=6.

Publications

Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management," in International Workshop on Database and Expert Systems Applications, 2009, pp. 127-132. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_SurveyofScientific_2009, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, title = {A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management}, booktitle = {International Workshop on Database and Expert Systems Applications}, year = {2009}, month = {1}, pdf = {Jakoubi_SurveyofScientific_2009.pdf}, pages = {127-132}, publisher = {IEEE Computer Society}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "Enhancing Business Impact Analysis and Risk Assessment applying a Risk-Aware Business Process Modeling and Simulation Methodology," in Proceedings of the 3rd International Conference on Availability, Reliability and Security, 2008. BibTeX

@INPROCEEDINGS{Tjoa_EnhancingBusinessImpact_2008, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, title = {Enhancing {B}usiness {I}mpact {A}nalysis and {R}isk {A}ssessment applying a {R}isk-{A}ware {B}usiness {P}rocess {M}odeling and {S}imulation {M}ethodology}, booktitle = {Proceedings of the 3rd {I}nternational {C}onference on {A}vailability, {R}eliability and {S}ecurity}, year = {2008}, month = {1}, abstract = {Driven by the steadily growing number of natural disasters, the threat of terrorist and other criminal attacks as well as changed legislation and regulations, companies are increasingly forced to prepare against threats that endanger the survivability of crucial business activities. As a consequence, management has to pay more attention to business continuity issues including serious management commitment and more appropriate funding. Business impact analysis and risk assessment concepts enable adequate business continuity planning as they deliver essential information about the impact of resources' disruption on business. In this paper we present how these concepts can be enhanced through the application of the ROPE (Risk-Oriented Process Evaluation) methodology enabling risk-aware business process management and simulation. Moreover, we present essential extensions of the ROPE simulation capabilities leading to a more efficient and effective business continuity planning.}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation," in Proceedings of the 16th European Conference on Information Systems (ECIS), 2008. BibTeX

@INPROCEEDINGS{Jakoubi_DerivingResourceRequirements_2008, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation}, booktitle = {Proceedings of the 16th European Conference on Information Systems (ECIS)}, year = {2008}, month = {1}, abstract = {Today, companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper, we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore, we introduce an example scenario to clarify how a company can benefit from applying these extensions.}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support," in The 22st International Conference on Advanced Information Networking and Applications, 2008. BibTeX

@INPROCEEDINGS{Tjoa_ExtensionofMethodology_2008, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, title = {Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support}, booktitle = {The 22st International Conference on Advanced Information Networking and Applications}, year = {2008}, month = {1}, abstract = {Increasingly, companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT, it is essential to establish effective incident handling. In this paper, we introduce new extensions of the risk-aware business process management framework ROPE (Risk- Oriented Process Evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).}, publisher = {IEEE Society}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "Enabling the Risk-Aware Modeling and Simulation of Business Processes," JISSec – Journal of Information System Security, 2007. BibTeX

@ARTICLE{Jakoubi_EnablingRiskAwareModeling_2007, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, title = {Enabling the Risk-Aware Modeling and Simulation of Business Processes}, journal = {JISSec - Journal of Information System Security}, year = {2007}, month = {1}, abstract = {Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management provides the design of robust business processes to strengthen the resilience of daily business. Both domains aim at improving business performance, but they approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method which integrates both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats, preventive and reactive counter measures as well as recovery measures. In this paper we demonstrate how risk-aware business process management and simulation can be enabled through the application of the ROPE methodology.}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes," in Proceedings of the 15th European Conference on Information Systems (ECIS 2007), 2007. BibTeX

@INPROCEEDINGS{Jakoubi_ROPEMethodologyEnabling_2007, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes}, booktitle = {Proceedings of the 15th European Conference on Information Systems (ECIS 2007)}, year = {2007}, month = {1}, abstract = {Risk management is essential regarding the maintenance of a companys business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management designs robust business processes to strengthen the resilience of daily business. Both domains try to improve business, but both approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method that unites both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination are the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats as well as security, counter and recovery measures. In this paper we demonstrate how to enable risk-aware business process management and simulation through the application of the ROPE methodology.}, }

View all publications

Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr, "A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation," IEEE Transactions on Services Computing, 2010. BibTeX | PDF

@ARTICLE{Tjoa2010a, Author = {Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr}, title = {A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation}, journal = {IEEE Transactions on Services Computing}, year = {2010}, month = {4}, pdf = {Tjoa_TSC2010.pdf}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management," in International Workshop on Database and Expert Systems Applications, 2009, pp. 127-132. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_SurveyofScientific_2009, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, title = {A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management}, booktitle = {International Workshop on Database and Expert Systems Applications}, year = {2009}, month = {1}, pdf = {Jakoubi_SurveyofScientific_2009.pdf}, pages = {127-132}, publisher = {IEEE Computer Society}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation," in Proceedings of the 16th European Conference on Information Systems (ECIS), 2008. BibTeX

@INPROCEEDINGS{Jakoubi_DerivingResourceRequirements_2008, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation}, booktitle = {Proceedings of the 16th European Conference on Information Systems (ECIS)}, year = {2008}, month = {1}, abstract = {Today, companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper, we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore, we introduce an example scenario to clarify how a company can benefit from applying these extensions.}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support," in The 22st International Conference on Advanced Information Networking and Applications, 2008. BibTeX

@INPROCEEDINGS{Tjoa_ExtensionofMethodology_2008, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, title = {Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support}, booktitle = {The 22st International Conference on Advanced Information Networking and Applications}, year = {2008}, month = {1}, abstract = {Increasingly, companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT, it is essential to establish effective incident handling. In this paper, we introduce new extensions of the risk-aware business process management framework ROPE (Risk- Oriented Process Evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).}, publisher = {IEEE Society}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "Enhancing Business Impact Analysis and Risk Assessment applying a Risk-Aware Business Process Modeling and Simulation Methodology," in Proceedings of the 3rd International Conference on Availability, Reliability and Security, 2008. BibTeX

@INPROCEEDINGS{Tjoa_EnhancingBusinessImpact_2008, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, title = {Enhancing {B}usiness {I}mpact {A}nalysis and {R}isk {A}ssessment applying a {R}isk-{A}ware {B}usiness {P}rocess {M}odeling and {S}imulation {M}ethodology}, booktitle = {Proceedings of the 3rd {I}nternational {C}onference on {A}vailability, {R}eliability and {S}ecurity}, year = {2008}, month = {1}, abstract = {Driven by the steadily growing number of natural disasters, the threat of terrorist and other criminal attacks as well as changed legislation and regulations, companies are increasingly forced to prepare against threats that endanger the survivability of crucial business activities. As a consequence, management has to pay more attention to business continuity issues including serious management commitment and more appropriate funding. Business impact analysis and risk assessment concepts enable adequate business continuity planning as they deliver essential information about the impact of resources' disruption on business. In this paper we present how these concepts can be enhanced through the application of the ROPE (Risk-Oriented Process Evaluation) methodology enabling risk-aware business process management and simulation. Moreover, we present essential extensions of the ROPE simulation capabilities leading to a more efficient and effective business continuity planning.}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes," in Proceedings of the 15th European Conference on Information Systems (ECIS 2007), 2007. BibTeX

@INPROCEEDINGS{Jakoubi_ROPEMethodologyEnabling_2007, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes}, booktitle = {Proceedings of the 15th European Conference on Information Systems (ECIS 2007)}, year = {2007}, month = {1}, abstract = {Risk management is essential regarding the maintenance of a companys business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management designs robust business processes to strengthen the resilience of daily business. Both domains try to improve business, but both approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method that unites both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination are the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats as well as security, counter and recovery measures. In this paper we demonstrate how to enable risk-aware business process management and simulation through the application of the ROPE methodology.}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "Enabling the Risk-Aware Modeling and Simulation of Business Processes," JISSec – Journal of Information System Security, 2007. BibTeX

@ARTICLE{Jakoubi_EnablingRiskAwareModeling_2007, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, title = {Enabling the Risk-Aware Modeling and Simulation of Business Processes}, journal = {JISSec - Journal of Information System Security}, year = {2007}, month = {1}, abstract = {Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management provides the design of robust business processes to strengthen the resilience of daily business. Both domains aim at improving business performance, but they approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method which integrates both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats, preventive and reactive counter measures as well as recovery measures. In this paper we demonstrate how risk-aware business process management and simulation can be enabled through the application of the ROPE methodology.}, }