-
Thomas Neubauer and Markus Pehn, "Workshop-based Security Safeguard Selection with AURUM,"
International Journal On Advances in Security, vol. 3, 2011.
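% Journal article; the venue-ranking remark is kept in the non-printing `internal-note` field.
@article{Neubauer_Workshop_based_Security_Safegu_2011,
  author        = {Neubauer, Thomas and Pehn, Markus},
  title         = {Workshop-based Security Safeguard Selection with {AURUM}},
  journal       = {International Journal On Advances in Security},
  year          = {2011},
  month         = mar,
  volume        = {3},
  internal-note = {According to BIB should be B rated but Journal not found},
}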
-
Kresimir Kasal and Johannes Heurix and Thomas Neubauer, "Model-driven Development Meets Security: An Evaluation of Current Approaches," in
Proceedings of the 44th Hawaii International Conference on System Sciences, 2011, p. 268.
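% Conference paper; only a single page number (268) is recorded, not a range.
@inproceedings{Kasal_Model_driven_Development_Meets_2011,
  author     = {Kasal, Kresimir and Heurix, Johannes and Neubauer, Thomas},
  title      = {Model-driven Development Meets Security: An Evaluation of Current Approaches},
  booktitle  = {Proceedings of the 44th Hawaii International Conference on System Sciences},
  year       = {2011},
  month      = jan,
  pages      = {268},
  sbahotlist = {true},
}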
-
Stefan Fenz and Andreas Ekelhart and Thomas Neubauer, "Information Security Risk Management: In which security solutions is it worth investing?,"
Communications of the Association for Information Systems, 2011.
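% Pre-publication record (no month, volume or pages); a record with the same
% authors, title and journal plus volume and pages is keyed Fenz2011a.
@article{Fenz_Information_Security_Risk_Mana_2011,
  author     = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title      = {Information Security Risk Management: In which security solutions is it worth investing?},
  journal    = {Communications of the Association for Information Systems},
  year       = {2011},
  note       = {not published yet},
  sbahotlist = {true},
}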
-
Daniel Abouakil and Johannes Heurix and Thomas Neubauer, "Data Models for the Pseudonymization of DICOM Data," in
Proceedings of the 44th Hawaii International Conference on System Sciences, 2011, p. 157.
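% Conference paper; only a single page number (157) is recorded, not a range.
@inproceedings{Abouakil_Data_Models_for_the_Pseudonymi_2011,
  author     = {Abouakil, Daniel and Heurix, Johannes and Neubauer, Thomas},
  title      = {Data Models for the Pseudonymization of {DICOM} Data},
  booktitle  = {Proceedings of the 44th Hawaii International Conference on System Sciences},
  year       = {2011},
  month      = jan,
  pages      = {157},
  sbahotlist = {true},
}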
-
Johannes Heurix and Thomas Neubauer, "Privacy-Preserving Storage and Access of Medical Data through Pseudonymization and Encryption,"
Communications of the Association for Information Systems, vol. 6863, iss. 1, pp. 186-197, 2011.
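% Four independent records. Braces in every field must balance: an unclosed
% brace in one title makes the parser swallow the records that follow it.

% Journal article; a conference record with the same title is keyed
% Neubauer_MultiobjectiveDecisionSupport_2008.
@article{Neubauer_MultiobjectiveDecisionSupport_2008_full,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {Multiobjective Decision Support for defining Secure Business Processes: A Case Study},
  journal   = {International Journal of Business Intelligence and Data Mining},
  year      = {2008},
  month     = jan,
  volume    = {3},
  number    = {2},
  pages     = {177--195},
  publisher = {OCG},
}

% Conference paper; no pages or publisher recorded.
@inproceedings{Neubauer_ExtendingBusinessProcess_2007,
  author    = {Neubauer, Thomas and Stummer, Christian},
  title     = {Extending Business Process Management to Determine Efficient {IT} Investments},
  booktitle = {Proceedings of the 2007 {ACM} Symposium on Applied Computing},
  year      = {2007},
  month     = jan,
}

% Journal article with volume, issue and pages; a pre-publication record of
% the same work is keyed Fenz_Information_Security_Risk_Mana_2011.
@article{Fenz2011a,
  author     = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title      = {Information Security Risk Management: In which security solutions is it worth investing?},
  journal    = {Communications of the Association for Information Systems},
  year       = {2011},
  month      = may,
  volume     = {28},
  number     = {1},
  pages      = {329--356},
  pdf        = {2011 - Fenz - Information Security Risk Management In Which Security Solutions Is It Worth Investing.pdf},
  sbahotlist = {true},
}

% Conference paper in a Springer volume. NOTE(review): the booktitle looks
% truncated after "8th International" -- confirm the full proceedings title.
% The key has no author prefix; it is kept unchanged so existing citations resolve.
@inproceedings{_Privacy_Preserving_Storage_and_2011,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {Privacy-Preserving Storage and Access of Medical Data through Pseudonymization and Encryption},
  booktitle = {Trust, Privacy and Security in Digital Business - 8th International},
  year      = {2011},
  month     = aug,
  volume    = {6863},
  pages     = {186--197},
  publisher = {Springer},
  pdf       = {Heurix_trustbus_2011.pdf},
}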
-
Johannes Heurix and Michael Karlinger and Michael Schrefl and Thomas Neubauer, "A Hybrid Approach integrating Encryption and Pseudonymization for Protecting Electronic Health Records," in
Proceedings of the Eighth IASTED International Conference on Biomedical Engineering, 2011.
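% Conference paper; no pages recorded.
@inproceedings{Heurix_A_Hybrid_Approach_integrating__2011,
  author     = {Heurix, Johannes and Karlinger, Michael and Schrefl, Michael and Neubauer, Thomas},
  title      = {A Hybrid Approach integrating Encryption and Pseudonymization for Protecting Electronic Health Records},
  booktitle  = {Proceedings of the Eighth {IASTED} International Conference on Biomedical Engineering},
  year       = {2011},
  month      = feb,
  pdf        = {2011_BioMed_A HYBRID APPROACH INTEGRATING ENCRYPTION AND.pdf},
  sbahotlist = {true},
}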
-
Thomas Neubauer and Markus Pehn, "Workshop-based Risk Assessment for the Definition of Secure Business Processes (best paper award)," in
Second International Conference on Information, Process, and Knowledge Management, 2010, pp. 74-79.
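% Conference paper. The award is carried in `note` (not in the title), and the
% venue-ranking remark sits in the non-printing `internal-note` field.
@inproceedings{Neubauer_Workshop_based_Risk_Assessment_2010,
  author        = {Neubauer, Thomas and Pehn, Markus},
  title         = {Workshop-based Risk Assessment for the Definition of Secure Business Processes},
  booktitle     = {Second International Conference on Information, Process, and Knowledge Management},
  year          = {2010},
  month         = feb,
  pages         = {74--79},
  note          = {Best Paper Award},
  internal-note = {BIB says rated as B but no such event found in list},
}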
-
Johannes Heurix and Thomas Neubauer, "A Roadmap for personal identity management," in
Fifth International Conference on Systems, 2010, pp. 134-139.
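% Conference paper on personal identity management.
@inproceedings{Neubauer_A_Roadmap_for_personal_identit_2010,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {A Roadmap for personal identity management},
  booktitle = {Fifth International Conference on Systems},
  year      = {2010},
  month     = apr,
  pages     = {134--139},
}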
-
Thomas Neubauer and Johannes Heurix and A Min Tjoa and Edgar R. Weippl, "Pseudonymisierung für die datenschutzkonforme Speicherung medizinischer Daten,"
Elektrotechnik und Informationstechnik, vol. 127, iss. 5, pp. 135-142, 2010.
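% German-language journal article; capitalised nouns are brace-protected so
% sentence-casing styles do not lowercase them.
@article{Neubauer_Pseudonymisierung_f_r_die_date_2010,
  author  = {Neubauer, Thomas and Heurix, Johannes and Tjoa, A Min and Weippl, Edgar R.},
  title   = {Pseudonymisierung f{\"u}r die datenschutzkonforme {Speicherung} medizinischer {Daten}},
  journal = {Elektrotechnik und Informationstechnik},
  year    = {2010},
  month   = may,
  volume  = {127},
  number  = {5},
  pages   = {135--142},
}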
-
Johannes Heurix and Thomas Neubauer, "A methodology for the pseudonymization of medical data,"
International Journal of Medical Informatics, vol. 80, iss. 3, pp. 190-204, 2010.
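% Journal article on pseudonymization of medical data.
@article{Neubauer_A_methodology_for_the_pseudony_2010,
  author     = {Heurix, Johannes and Neubauer, Thomas},
  title      = {A methodology for the pseudonymization of medical data},
  journal    = {International Journal of Medical Informatics},
  year       = {2010},
  month      = oct,
  volume     = {80},
  number     = {3},
  pages      = {190--204},
  sbahotlist = {true},
}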
-
Thomas Neubauer, "Pseudonymisierung fuer die datenschutzkonforme Speicherung medizinischer Daten,"
Elektrotechnik und Informationstechnik, 2010.
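% NOTE(review): same title, journal and year as
% Neubauer_Pseudonymisierung_f_r_die_date_2010 but with a single author and no
% volume or pages -- possibly a duplicate record; confirm before citing.
@article{Neubauer_Pseudonymisierungfuerdie_2010,
  author  = {Neubauer, Thomas},
  title   = {Pseudonymisierung f{\"u}r die datenschutzkonforme {Speicherung} medizinischer {Daten}},
  journal = {Elektrotechnik und Informationstechnik},
  year    = {2010},
  month   = jan,
}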
-
Johannes Heurix and Thomas Neubauer, "On the Security of Outsourced and Untrusted Databases," in
IEEE ACIS International Conference on Computer and Information Science, 2010, pp. 125-132.
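% Conference paper surveying confidentiality and integrity techniques for
% outsourced databases (per its abstract).
@inproceedings{Heurix_On_the_Security_of_Outsourced__2010,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {On the Security of Outsourced and Untrusted Databases},
  booktitle = {{IEEE} {ACIS} International Conference on Computer and Information Science},
  year      = {2010},
  month     = sep,
  pages     = {125--132},
  abstract  = {The outsourcing of databases to third parties has become a viable alternative to traditional in-house data management. Database management by third parties including the storage and maintenance allows companies to reduce their expenses and profit from the expertise of data storage specialists. However, the price is the transfer of confidential data to third parties. The data owners need to trust the third party that data is stored (i) confidentially, such that the service providers cannot profit from passing the data to unauthorized parties, and (ii) in a correct and untampered state. This work identifies security issues that data owners have to face when it comes to database outsourcing. We provide an overview of existing techniques for solving the confidentiality and integrity problem and point out the limitations of these approaches. Thereby, this work aims to support decision makers who are confronted with the outsourcing question.},
}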
-
Thomas Neubauer, "Technologies for the Pseudonymization of Medical Data: A Legal Evaluation," in
International Conference on Systems, 2009.
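% Conference paper; the award is recorded in `note`. No pages recorded.
@inproceedings{Neubauer_TechnologiesPseudonymizationof_2009,
  author    = {Neubauer, Thomas},
  title     = {Technologies for the Pseudonymization of Medical Data: A Legal Evaluation},
  booktitle = {International Conference on Systems},
  year      = {2009},
  month     = jan,
  publisher = {IEEE Computer Society},
  note      = {Best Paper Award},
}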
-
Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser, "A Process Model for RFID based Business Process Analysis," in
APSCC, 2009.
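% Conference paper; the venue is recorded only by its acronym and no pages are given.
@inproceedings{Neubauer_ProcessModelRFID_2009,
  author    = {Goluch, Gernot and Tjoa, Simon and Neubauer, Thomas and Jakoubi, Stefan and Wisser, Martin},
  title     = {A Process Model for {RFID} based Business Process Analysis},
  booktitle = {{APSCC}},
  year      = {2009},
  month     = jan,
}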
-
Simon Tjoa and Thomas Neubauer and Stefan Jakoubi, "A Roadmap to Risk-Aware Business Process Management," in
APSCC, 2009.
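% Conference paper; the venue is recorded only by its acronym and no pages are given.
@inproceedings{Jakoubi_RoadmaptoRiskAware_2009,
  author    = {Tjoa, Simon and Neubauer, Thomas and Jakoubi, Stefan},
  title     = {A Roadmap to Risk-Aware Business Process Management},
  booktitle = {{APSCC}},
  year      = {2009},
  month     = jan,
}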
-
Stefan Fenz and Andreas Ekelhart and Thomas Neubauer, "Ontology-based Decision Support for Information Security Risk Management," in
International Conference on Systems, 2009. ICONS 2009., 2009, pp. 80-85.
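% Conference paper describing a software implementation of the AURUM
% methodology (per its abstract).
@inproceedings{Ekelhart_OntologybasedDecisionSupport_2009,
  author    = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title     = {Ontology-based Decision Support for Information Security Risk Management},
  booktitle = {International Conference on Systems, 2009. {ICONS} 2009.},
  year      = {2009},
  month     = mar,
  pages     = {80--85},
  publisher = {IEEE Computer Society},
  abstract  = {As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major shortcomings such as the demand for very detailed knowledge about the IT security domain and the actual company environment. This paper presents the implementation of the AURUM methodology into a software solution which addresses the identified shortcomings of existing information security risk management software solutions. Thereby, the presented approach supports decision makers in risk assessment, risk mitigation, and safeguard evaluation.},
  pdf       = {2009 - Ekelhart - Ontology-based Decision Support for Information Security Risk Management.pdf},
}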
-
Johannes Heurix and Thomas Neubauer, "Massenpseudonymisierung von persönlichen medizinischen Daten," in
DACH Security, 2009.
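% German-language conference paper; the capitalised noun is brace-protected
% against sentence-casing styles.
@inproceedings{Heurix_Massenpseudonymisierungvonpersoenlichen_2009,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {Massenpseudonymisierung von pers{\"o}nlichen medizinischen {Daten}},
  booktitle = {{DACH} Security},
  year      = {2009},
  month     = jan,
}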
-
Thomas Neubauer, "An Empirical Study about the Status of Business Process Management,"
Business Process Management Journal, vol. 15, iss. 2, pp. 166-183, 2009.
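% Journal article with volume, issue and page range.
@article{Neubauer_EmpiricalStudyabout_2009,
  author  = {Neubauer, Thomas},
  title   = {An Empirical Study about the Status of Business Process Management},
  journal = {Business Process Management Journal},
  year    = {2009},
  month   = jan,
  volume  = {15},
  number  = {2},
  pages   = {166--183},
}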
-
Stefan Fenz and Thomas Neubauer, "How to Determine Threat Probabilities Using Ontologies and Bayesian Networks," in
CSIIRW ’09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research, 2009.
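% Workshop paper on ontology- and Bayesian-based threat probability
% determination (per its abstract); no pages recorded.
@inproceedings{Fenz_HowtoDetermine_2009,
  author    = {Fenz, Stefan and Neubauer, Thomas},
  title     = {How to Determine Threat Probabilities Using Ontologies and {Bayesian} Networks},
  booktitle = {{CSIIRW} '09: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research},
  year      = {2009},
  month     = jan,
  publisher = {ACM},
  abstract  = {The subjective threat probability determination is one of the main reasons for an inadequate information security strategy endangering the organization in performing its mission. To address the problem this research project proposes an ontology- and Bayesian-based approach for determining asset-specific and comprehensible threat probabilities. The elaborated concepts enable risk managers to comprehensibly quantify the current security status of their organization.},
  pdf       = {2009 - Fenz - How to Determine Threat Probabilities Using Ontologies and Bayesian Networks.pdf},
}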
-
Stefan Fenz and Andreas Ekelhart and Thomas Neubauer, "Business Process-based Resource Importance Determination," in
Proceedings of the 7th International Conference on Business Process Management (BPM 2009), 2009, pp. 113-127.
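% Conference paper. NOTE(review): the note still says "accepted for
% publication" although pages and publisher are recorded -- confirm whether
% the note is stale.
@inproceedings{Fenz_BusinessProcessbasedResource_2009,
  author     = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title      = {Business Process-based Resource Importance Determination},
  booktitle  = {Proceedings of the 7th International Conference on Business Process Management ({BPM} 2009)},
  year       = {2009},
  month      = jan,
  pages      = {113--127},
  publisher  = {Springer},
  note       = {accepted for publication},
  abstract   = {Information security risk management (ISRM) heavily depends on realistic impact values representing the resources importance in the overall organizational context. Although a variety of ISRM approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can business processes be used to determine resources importance in the overall organizational context? We answer this question by measuring the actual importance level of resources based on business processes. Therefore, this paper presents our novel business process-based resource importance determination method which provides ISRM with an efficient and powerful tool for deriving realistic resource importance figures solely from existing business processes. The conducted evaluation has shown that the calculation results of the developed method comply to the results gained in traditional workshop-based assessments.},
  pdf        = {2009 - Fenz - Business Process-based Resource Importance Determination.pdf},
  sbahotlist = {true},
}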
-
Stefan Fenz and Andreas Ekelhart and Thomas Neubauer, "Automated Risk and Utility Management," in
2009 Sixth International Conference on Information Technology: New Generations, 2009, pp. 393-398.
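% Conference paper presenting the AURUM prototype (per its abstract).
@inproceedings{Ekelhart_AutomatedRiskand_2009,
  author    = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title     = {Automated Risk and Utility Management},
  booktitle = {2009 Sixth International Conference on Information Technology: New Generations},
  year      = {2009},
  month     = jan,
  pages     = {393--398},
  publisher = {IEEE Computer Society},
  abstract  = {Information security breaches pose major threats to the reliable execution of corporate strategies and may have negative effects on business value. Information security risk management (ISRM) provides an effective approach for assessing, mitigating, and evaluating information security risks. Existing ISRM approaches are highly accepted but demand very detailed knowledge about the IT security domain and the actual company environment. This paper presents the AURUM prototype that supports decision makers in selecting security measures according to organization-specific technical and economical requirements.},
  pdf       = {2009 - Ekelhart - Automated Risk and Utility Management.pdf},
}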
-
Thomas Neubauer and Christian Stummer, "Interactive selection of Web services under multiple objectives,"
Information Technology and Management, 2009.
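% Journal article; no volume, issue or pages recorded. The abstract text starts
% directly with its first sentence (no leading "Abstract" label).
@article{Neubauer_Interactiveselectionof_2009,
  author   = {Neubauer, Thomas and Stummer, Christian},
  title    = {Interactive selection of {Web} services under multiple objectives},
  journal  = {Information Technology and Management},
  year     = {2009},
  month    = jan,
  abstract = {The manual composition of efficient combinations of Web services becomes almost impossible as the number of services increases dramatically. When determining an appropriate set of services, managers must take into consideration given business processes, business strategy and multiple Quality of Service (QoS) objectives while ensuring the cost-efficient usage of limited resources. Because the agility with which new business requirements are adapted has a major influence on business success and poor investment decisions may thus entail corporate failure, decision makers are experiencing growing pressure to prove the value of IT investments---but they often lack appropriate multicriteria decision support tools. This paper introduces a new decision support approach that more properly addresses these challenges. We implemented this approach into a tool and evaluated the performance of two popular methods (i.e., the Analytic Hierarchy Process and the Weighted Scoring Method) by means of a real-life case study in the social security sector. It turns out that the decision support system assists decision makers in identifying investments that more precisely target their company's business needs by allowing them to interactively determine and continually optimize service allocation according to the corporate business processes and multiple (strategic) objectives.},
}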
-
Thomas Neubauer and Christian Stummer, "Interaktive Portfolioauswahl im IT-Servicemanagement,"
HMD – Praxis der Wirtschaftsinformatik, vol. 256, pp. 48-55, 2009.
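% German-language journal article; capitalised nouns are brace-protected
% against sentence-casing styles.
@article{Neubauer_InteraktivePortfolioauswahlim_2009,
  author  = {Neubauer, Thomas and Stummer, Christian},
  title   = {Interaktive {Portfolioauswahl} im {IT-Servicemanagement}},
  journal = {{HMD} -- Praxis der Wirtschaftsinformatik},
  year    = {2009},
  month   = jan,
  volume  = {256},
  pages   = {48--55},
}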
-
Thomas Neubauer, "A Comparison of Security Safeguard Selection Methods," in
Proceedings of the 11th International Conference on Enterprise Information Systems, 2009, pp. 320-323.
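% Conference paper comparing security safeguard selection methods.
@inproceedings{Neubauer_ComparisonofSecurity_2009,
  author    = {Neubauer, Thomas},
  title     = {A Comparison of Security Safeguard Selection Methods},
  booktitle = {Proceedings of the 11th International Conference on Enterprise Information Systems},
  year      = {2009},
  month     = jan,
  pages     = {320--323},
}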
-
Thomas Neubauer and Christian Hartl, "On the singularity of valuating IT security investments," in
IEEE/ACIS International Conference on Computer and Information Science, 2009, pp. 549-556.
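% Conference paper on valuating IT security investments.
@inproceedings{Neubauer_singularityofvaluating_2009,
  author    = {Neubauer, Thomas and Hartl, Christian},
  title     = {On the singularity of valuating {IT} security investments},
  booktitle = {{IEEE/ACIS} International Conference on Computer and Information Science},
  year      = {2009},
  month     = jan,
  pages     = {549--556},
}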
-
Stefan Fenz and Andreas Ekelhart and Thomas Neubauer, "Ontologiebasiertes IT Risikomanagement," in
D.A.CH Security 2009, 2009, pp. 14-24.
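% German-language conference paper presenting the AURUM tool (per its
% abstract); capitalised title words are brace-protected.
@inproceedings{Ekelhart_OntologiebasiertesITRisikomanagement_2009,
  author    = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title     = {Ontologiebasiertes {IT} {Risikomanagement}},
  booktitle = {D.A.CH Security 2009},
  year      = {2009},
  month     = jan,
  pages     = {14--24},
  publisher = {Syssec},
  abstract  = {Informationssicherheitsrisikomanagement (Information Security Risk Management, ISRM) stellt einen effizienten Zugang zur Bewertung, Verringerung und Evaluierung von Informationssicherheitsrisiken dar. Bereits bestehende ISRM-Ans{\"a}tze sind weitgehend akzeptiert, setzen jedoch sehr detailliertes Informationssicherheitswissen und genaue Kenntnisse des tats{\"a}chlichen Unternehmensumfeldes voraus. Die inad{\"a}quate Umsetzung von ISRM gef{\"a}hrdet die planm{\"a}{\ss}ige Umsetzung der Unternehmensstrategie und kann zu einer Minderung des Unternehmenswertes f{\"u}hren. Der vorliegende Beitrag pr{\"a}sentiert das AURUM Tool, welches die Schwachstellen bestehender Ans{\"a}tze adressiert und Entscheidungstr{\"a}ger bei der Auswahl eines effizienten IT-Sicherheitsportfolios unter Ber{\"u}cksichtigung organisationsspezifischer, technischer und wirtschaftlicher Anforderungen unterst{\"u}tzt.},
  pdf       = {2009 - Ekelhart - Ontologiebasiertes IT Risikomanagement.pdf},
}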
-
Johannes Heurix and Thomas Neubauer and Thomas Mueck, "Zentralisierte Pseudonymisierung von medizinischen Patientendaten," in
Tagungsband e-Health 2009, 2009.
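% German-language conference paper; capitalised nouns are brace-protected
% against sentence-casing styles. No pages recorded.
@inproceedings{Heurix_ZentralisiertePseudonymisierungvon_2009,
  author    = {Heurix, Johannes and Neubauer, Thomas and Mueck, Thomas},
  title     = {Zentralisierte {Pseudonymisierung} von medizinischen {Patientendaten}},
  booktitle = {Tagungsband e-Health 2009},
  year      = {2009},
  month     = jan,
}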
-
Stefan Fenz and Andreas Ekelhart and Thomas Neubauer, "AURUM: A Framework for Supporting Information Security Risk Management," in
Proceedings of the 42nd Hawaii International Conference on System Sciences, HICSS2009, 2009, pp. 1-10.
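% Conference paper introducing AURUM as a methodology supporting the
% NIST SP 800-30 risk management standard (per its abstract). The ISBN is
% stored in `isbn` so it is not printed as a free-text note.
@inproceedings{Ekelhart_AURUMFrameworkSupporting_2009,
  author     = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title      = {{AURUM}: A Framework for Supporting Information Security Risk Management},
  booktitle  = {Proceedings of the 42nd Hawaii International Conference on System Sciences, {HICSS2009}},
  year       = {2009},
  month      = jan,
  pages      = {1--10},
  publisher  = {IEEE Computer Society},
  isbn       = {978-0-7695-3450-3},
  abstract   = {As companies are increasingly exposed to a variety of information security threats, they are permanently forced to pay attention to security issues. Risk management provides an effective approach for measuring the security through risk assessment, risk mitigation and evaluation. Existing risk management approaches are highly accepted but demand very detailed knowledge about the IT security domain and the actual company environment. This paper presents AURUM - a new methodology for supporting the NIST SP 800-30 risk management standard - and provides a comparison with the GSTool and CRISAM in order to highlight the benefits decision makers may expect when using AURUM.},
  pdf        = {2009 - Ekelhart - AURUM A Framework for Information Security Risk Management.pdf},
  sbahotlist = {true},
}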
-
Thomas Neubauer and Thomas Mueck, "PIPE: Ein System zur Pseudonymisierung von Gesundheitsdaten," in
Proceedings of e-Health 2008, 2008.
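% German-language conference paper; the acronym and capitalised nouns are
% brace-protected as whole words.
@inproceedings{Neubauer_PIPEEinSystem_2008,
  author    = {Neubauer, Thomas and Mueck, Thomas},
  title     = {{PIPE}: Ein {System} zur {Pseudonymisierung} von {Gesundheitsdaten}},
  booktitle = {Proceedings of e-Health 2008},
  year      = {2008},
  month     = jan,
}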
-
Thomas Neubauer and Bernhard Riedl and Veronika Grascher and Mathias Kolb, "Economic and Security Aspects of the Appliance of a Threshold Scheme in e-Health," in
Proceedings of the Third International Conference on Availability, Reliability and Security ARES, 2008.
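% Conference paper (ARES); only the acronym in the booktitle needs brace
% protection, not individual initial letters.
@inproceedings{Riedl_EconomicandSecurity_2008,
  author    = {Neubauer, Thomas and Riedl, Bernhard and Grascher, Veronika and Kolb, Mathias},
  title     = {Economic and Security Aspects of the Appliance of a Threshold Scheme in e-Health},
  booktitle = {Proceedings of the Third International Conference on Availability, Reliability and Security {ARES}},
  year      = {2008},
  month     = jan,
}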
-
Thomas Neubauer and Bernhard Riedl and Veronika Grascher, "A Secure e-Health Architecture based on the Appliance of Pseudonymization,"
Journal of Software, 2008.
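% Journal article; no volume, issue or pages recorded.
@article{Riedl_SecureeHealthArchitecture_2008,
  author  = {Neubauer, Thomas and Riedl, Bernhard and Grascher, Veronika},
  title   = {A Secure e-Health Architecture based on the Appliance of Pseudonymization},
  journal = {Journal of Software},
  year    = {2008},
  month   = jan,
}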
-
Thomas Neubauer and Christian Stummer and Jan Pichler, "Multiobjective Selection of Software Components: A Case Study," in
Proceedings of the IEEE Asia-Pacific Services Computing Conference, 2008.
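% Conference paper; no pages recorded.
@inproceedings{Neubauer_MultiobjectiveSelectionof_2008,
  author    = {Neubauer, Thomas and Stummer, Christian and Pichler, Jan},
  title     = {Multiobjective Selection of Software Components: A Case Study},
  booktitle = {Proceedings of the {IEEE} Asia-Pacific Services Computing Conference},
  year      = {2008},
  month     = jan,
}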
-
Johannes Heurix and Thomas Neubauer, "Multiobjective Decision Support for defining Secure Business Processes: A Case Study," in
Proceedings of the Ninth International Conference on Information Integration and Web-based Applications Services, 2008.
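% Conference paper; a journal record with the same title is keyed
% Neubauer_MultiobjectiveDecisionSupport_2008_full.
@inproceedings{Neubauer_MultiobjectiveDecisionSupport_2008,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {Multiobjective Decision Support for defining Secure Business Processes: A Case Study},
  booktitle = {Proceedings of the Ninth International Conference on Information Integration and Web-based Applications Services},
  year      = {2008},
  month     = jan,
  publisher = {OCG},
}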
-
Stefan Fenz and Thomas Neubauer and Bernhard Riedl and Veronika Grascher, "Pseudonymization for improving the privacy in e-Health applications," in
Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008, 2008, pp. 255-264.
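% Conference paper; the ISBN is stored in `isbn` so it is not printed as a
% free-text note.
@inproceedings{Riedl_Pseudonymizationimprovingprivacy_2008,
  author     = {Fenz, Stefan and Neubauer, Thomas and Riedl, Bernhard and Grascher, Veronika},
  title      = {Pseudonymization for improving the privacy in e-Health applications},
  booktitle  = {Proceedings of the 41st Hawaii International Conference on System Sciences, {HICSS2008}},
  year       = {2008},
  month      = jan,
  pages      = {255--264},
  publisher  = {IEEE Computer Society},
  isbn       = {978-0-7695-3075-8},
  pdf        = {2008 - Riedl - Pseudonymization for Improving the Privacy in e-Health Applications.pdf},
  sbahotlist = {true},
}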
-
Stefan Fenz and Andreas Ekelhart and Thomas Neubauer, "Interactive Selection of ISO 27001 Controls under Multiple Objectives," in
Proceedings of the Ifip Tc 11 23rd International Information Security Conference, IFIPSec 2008, 2008, pp. 477-492.
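% Conference paper on selecting ISO 27001 controls. NOTE(review): `volume` is
% recorded as "278_2008", which looks like a volume number with the year
% appended -- confirm the intended value before relying on it.
@inproceedings{Neubauer_InteractiveSelectionof_2008,
  author    = {Fenz, Stefan and Ekelhart, Andreas and Neubauer, Thomas},
  title     = {Interactive Selection of {ISO} 27001 Controls under Multiple Objectives},
  booktitle = {Proceedings of the {IFIP} {TC} 11 23rd International Information Security Conference, {IFIPSec} 2008},
  year      = {2008},
  month     = jul,
  volume    = {278_2008},
  pages     = {477--492},
  publisher = {Springer},
  pdf       = {2008 - Neubauer - Interactive Selection of ISO 27001 Controls under Multiple Objectives.pdf},
}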
-
Johannes Heurix and Thomas Neubauer, "Objective Types for the Valuation of Secure Business Processes," in
Proceedings of the 7th IEEE/ACIS International Conference on Computer and Information Science, 2008.
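% Conference paper; no pages recorded.
@inproceedings{Neubauer_ObjectiveTypesValuation_2008,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {Objective Types for the Valuation of Secure Business Processes},
  booktitle = {Proceedings of the 7th {IEEE/ACIS} International Conference on Computer and Information Science},
  year      = {2008},
  month     = jan,
  publisher = {IEEE Computer Society},
}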
-
Johannes Heurix and Thomas Neubauer, "Defining Secure Business Processes with Respect to Multiple Objectives," in
Proceedings of the Third International Conference on Availability, Reliability and Security ARES, 2008.
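% Conference paper (ARES); only the acronym in the booktitle needs brace
% protection, not individual initial letters.
@inproceedings{Neubauer_DefiningSecureBusiness_2008,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {Defining Secure Business Processes with Respect to Multiple Objectives},
  booktitle = {Proceedings of the Third International Conference on Availability, Reliability and Security {ARES}},
  year      = {2008},
  month     = jan,
  publisher = {IEEE Computer Society},
}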
-
Thomas Neubauer and Bernhard Riedl, "Improving Patients Privacy with Pseudonymization," in
Proceedings of the International Congress of the European Federation for Medical Informatics, 2008.
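% Conference paper; no pages or publisher recorded.
@inproceedings{Neubauer_ImprovingPatientsPrivacy_2008,
  author    = {Neubauer, Thomas and Riedl, Bernhard},
  title     = {Improving Patients Privacy with Pseudonymization},
  booktitle = {Proceedings of the International Congress of the European Federation for Medical Informatics},
  year      = {2008},
  month     = jan,
}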
-
Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Thomas Neubauer, "Formal threat descriptions for enhancing governmental risk assessment," in
Proceedings of the First International Conference on Theory and Practice of Electronic Governance, 2007, pp. 40-43.
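% Conference paper on formal threat definitions for governmental IT risk
% assessment (per its abstract). The ISBN is stored in `isbn` so it is not
% printed as a free-text note.
@inproceedings{Ekelhart_Formalthreatdescriptions_2007,
  author    = {Fenz, Stefan and Weippl, Edgar R. and Ekelhart, Andreas and Neubauer, Thomas},
  title     = {Formal threat descriptions for enhancing governmental risk assessment},
  booktitle = {Proceedings of the First International Conference on Theory and Practice of Electronic Governance},
  year      = {2007},
  month     = jan,
  volume    = {232},
  pages     = {40--43},
  publisher = {ACM},
  isbn      = {978-1-59593-822-0},
  abstract  = {Compared to the last decades, we have recently seen more and more governmental applications which are provided via the Internet directly to the citizens. Due to the long history of IT systems in the governmental sector and the connection of these legacy systems to newer technologies, most governmental institutions are faced with a heterogeneous IT environment. More and more governmental duties and responsibilities rely solely on IT systems which have to be highly dependable to ensure the proper operation of these governmental services. An increasing amount of software vulnerabilities and the generally heightened physical threat level due to terror attacks and natural disasters demand for a holistic IT security approach which captures, manages, and secures the entire governmental IT infrastructure. Our contribution is (1) a novel inventory solution, (2) a mechanism to embed the virtual IT infrastructure data into a physical model provided by our security ontology, and (3) a methodology to automatically identify threatened assets and to reason on the current security status based on formal threat definitions taking software configurations and physical locations into account. A prototypical implementation of the aforementioned concepts shows how these concepts help governmental institutions to secure their IT infrastructure in a holistic and systematic way to fortify their IT systems in an appropriate way against current and future threats.},
  pdf       = {2007 - Ekelhart - Formal Threat Descriptions for Enhancing Governmental Risk Assessment.pdf},
}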
-
Gernot Goluch and Thomas Neubauer and Bernhard Riedl, "A Research Agenda for Autonomous Business Process Management," in
Proceedings of the Second International Conference on Availability, Reliability and Security ARES, 2007.
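% Conference paper (ARES); only the acronym in the booktitle needs brace
% protection, not individual initial letters.
@inproceedings{Neubauer_ResearchAgendaAutonomous_2007,
  author    = {Goluch, Gernot and Neubauer, Thomas and Riedl, Bernhard},
  title     = {A Research Agenda for Autonomous Business Process Management},
  booktitle = {Proceedings of the Second International Conference on Availability, Reliability and Security {ARES}},
  year      = {2007},
  month     = jan,
  publisher = {IEEE Computer Society},
}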
-
Thomas Neubauer and Bernhard Riedl and Veronika Grascher, "Applying a Threshold Scheme to the Pseudonymization of Health Data," in
Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC’07), 2007.
@inproceedings{Riedl_ApplyingThresholdScheme_2007,
  author    = {Neubauer, Thomas and Riedl, Bernhard and Grascher, Veronika},
  title     = {Applying a Threshold Scheme to the Pseudonymization of Health Data},
  booktitle = {Proceedings of the 13th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC'07)},
  year      = {2007},
  month     = {1},
}
-
Thomas Neubauer and Bernhard Riedl and Oswald Boehm,
Data processing system for processing of object data, 2007.
BibTeX
@patent{Riedl_Dataprocessingsystem_2007a,
  author    = {Neubauer, Thomas and Riedl, Bernhard and Boehm, Oswald},
  title     = {Data processing system for processing of object data},
  booktitle = {US-Provisional-Application},
  year      = {2007},
  month     = {1},
}
-
Thomas Neubauer and Christian Stummer, "Interactive Decision Support for multiobjective COTS Selection," in
Proceedings of the 40th Hawaii International Conference on System Sciences, HICSS2007, 2007.
BibTeX
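@inproceedings{Neubauer_InteractiveDecisionSupport_2007,
  author     = {Neubauer, Thomas and Stummer, Christian},
  sbahotlist = {true},
  title      = {Interactive Decision Support for multiobjective {COTS} Selection},
  booktitle  = {Proceedings of the 40th Hawaii International Conference on System Sciences, HICSS2007},
  year       = {2007},
  month      = {1},
}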
-
Edgar R. Weippl and Markus Klemen and Thomas Neubauer, "The Handbook of Computer Networks." Wiley, 2007.
BibTeX
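@comment{Reviewer note: the chapter field held a chapter title, not a number, so the entry is typed as incollection with the handbook as booktitle.}
@incollection{Klemen_BusinessRequirementsofBackupSystems_2007,
  author    = {Weippl, Edgar R. and Klemen, Markus and Neubauer, Thomas},
  title     = {Business Requirements of Backup Systems},
  booktitle = {The Handbook of Computer Networks},
  year      = {2007},
  month     = {1},
  publisher = {Wiley},
}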
-
Thomas Neubauer and Bernhard Riedl and Oswald Boehm,
Data processing system for processing of object data, 2007.
BibTeX
@patent{Riedl_Dataprocessingsystem_2007,
  author    = {Neubauer, Thomas and Riedl, Bernhard and Boehm, Oswald},
  title     = {Data processing system for processing of object data},
  booktitle = {PCT-Provisional-Application},
  year      = {2007},
  month     = {1},
}
-
Thomas Neubauer and Christian Stummer, "Entscheidungsunterstützung für die Auswahl von Softwarekomponenten bei mehrfachen Zielsetzungen," in
Tagungsband Wirtschaftsinformatik, 2007.
BibTeX
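@inproceedings{Neubauer_Entscheidungsunterstuetzungfuerdie_2007,
  author    = {Neubauer, Thomas and Stummer, Christian},
  title     = {Entscheidungsunterst{\"u}tzung f{\"u}r die {Auswahl} von {Softwarekomponenten} bei mehrfachen {Zielsetzungen}},
  booktitle = {Tagungsband Wirtschaftsinformatik},
  year      = {2007},
  month     = {1},
}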
-
Thomas Neubauer, "Business Process Based Valuation and Selection of IT Investments, Development and Implementation of a Method for the Interactive Selection of IT Investments under Multiple Objectives." 2007.
BibTeX
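@comment{Reviewer note: typed as inproceedings but carries no booktitle, so styles will warn about a missing required field. The venue or the correct entry type is not recoverable from this record -- confirm against the publication.}
@inproceedings{Neubauer_BusinessProcessBased_2007,
  author = {Neubauer, Thomas},
  title  = {Business Process Based Valuation and Selection of {IT} Investments, Development and Implementation of a Method for the Interactive Selection of {IT} Investments under Multiple Objectives},
  year   = {2007},
  month  = {10},
}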
-
Thomas Neubauer and Bernhard Riedl and Thomas Mueck, "Pseudonymisierung zur sicheren Umsetzung des elektronischen Gesundheitsakts,"
OCG Journal, vol. 4, 2007.
BibTeX
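@article{Neubauer_Pseudonymisierungzursicheren_2007,
  author  = {Neubauer, Thomas and Riedl, Bernhard and Mueck, Thomas},
  title   = {Pseudonymisierung zur sicheren {Umsetzung} des elektronischen {Gesundheitsakts}},
  journal = {OCG Journal},
  year    = {2007},
  month   = {1},
  volume  = {4},
}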
-
Gernot Goluch and Thomas Neubauer and Bernhard Riedl and Oswald Boehm and Gert Reinauer and Alexander Krumboeck, "A secure architecture for the pseudonymization of medical data," in
Proceedings of the Second International Conference on Availability, Reliability and Security (ARES), 2007, pp. 318-324.
BibTeX
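@inproceedings{Riedl_securearchitecturepseudonymization_2007,
  author    = {Goluch, Gernot and Neubauer, Thomas and Riedl, Bernhard and Boehm, Oswald and Reinauer, Gert and Krumboeck, Alexander},
  title     = {A secure architecture for the pseudonymization of medical data},
  booktitle = {Proceedings of the Second International Conference on Availability, Reliability and Security (ARES)},
  year      = {2007},
  month     = {1},
  pages     = {318--324},
}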
-
Johannes Heurix and Thomas Neubauer, "Multiobjective Decision Support for defining Secure Business Processes," in
Proceedings of the Ninth International Conference on Information Integration and Web-based Applications Services, 2007.
BibTeX
@inproceedings{Neubauer_MultiobjectiveDecisionSupport_2007,
  author    = {Heurix, Johannes and Neubauer, Thomas},
  title     = {Multiobjective Decision Support for defining Secure Business Processes},
  booktitle = {Proceedings of the Ninth International Conference on Information Integration and Web-based Applications Services},
  year      = {2007},
  month     = {1},
  publisher = {OCG},
}
-
Thomas Neubauer and Bernhard Riedl and Oswald Boehm,
Datenverarbeitungssystem zur Verarbeitung von Objektdaten, 2007.
BibTeX
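@comment{Reviewer note: booktitle names September while month is 1 -- one of the two is presumably a placeholder; confirm against the patent record.}
@patent{Riedl_DatenverarbeitungssystemzurVerarbeitung_2007,
  author    = {Neubauer, Thomas and Riedl, Bernhard and Boehm, Oswald},
  title     = {Datenverarbeitungssystem zur {Verarbeitung} von {Objektdaten}},
  booktitle = {Austrian Patent, Nr. 503291, September},
  year      = {2007},
  month     = {1},
}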
-
Markus Klemen and Stefan Biffl and Thomas Neubauer, "Secure Business Process Management: A Roadmap," in
Proceedings of the First International Conference on Availability, Reliability and Security (ARES), 2006, pp. 457-464.
BibTeX
@inproceedings{Neubauer_SecureBusinessProcess_2006,
  author    = {Klemen, Markus and Biffl, Stefan and Neubauer, Thomas},
  title     = {Secure Business Process Management: A Roadmap},
  booktitle = {Proceedings of the First International Conference on Availability, Reliability and Security (ARES)},
  year      = {2006},
  month     = {1},
  pages     = {457--464},
  publisher = {IEEE Computer Society},
}
-
Edgar R. Weippl and Stefan Biffl and Thomas Neubauer, "Digital Signatures with Familiar Appearance for e-Government Documents: Authentic PDF," in
Proceedings of the International Conference on Availability, Reliability and Security (ARES’06), 2006, pp. 723-731.
BibTeX
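@inproceedings{Neubauer_DigitalSignatureswith_2006,
  author    = {Weippl, Edgar R. and Biffl, Stefan and Neubauer, Thomas},
  title     = {Digital Signatures with Familiar Appearance for {e-Government} Documents: Authentic {PDF}},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (ARES'06)},
  year      = {2006},
  month     = {1},
  pages     = {723--731},
}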
-
Edgar R. Weippl and Thomas Neubauer and Arno Hollosi, "Digitale PDF-Signaturen mit der Bürgerkarte," in
Proceedings of D-A-CH Security 2006, 2006.
BibTeX
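@inproceedings{Neubauer_DigitalePDFSignaturenmit_2006,
  author    = {Weippl, Edgar R. and Neubauer, Thomas and Hollosi, Arno},
  title     = {Digitale {PDF-Signaturen} mit der {B{\"u}rgerkarte}},
  booktitle = {Proceedings of D-A-CH Security 2006},
  year      = {2006},
  month     = {1},
}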
-
Edgar R. Weippl and Thomas Neubauer and Christian Stummer, "Workshop-based Multiobjective Security Safeguard Selection," in
Proceedings of the First International Conference on Availability, Reliability and Security (ARES), 2006, pp. 366-373.
BibTeX
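@inproceedings{Neubauer_WorkshopbasedMultiobjectiveSecurity_2006,
  author    = {Weippl, Edgar R. and Neubauer, Thomas and Stummer, Christian},
  title     = {Workshop-based Multiobjective {Security} Safeguard Selection},
  booktitle = {Proceedings of the First International Conference on Availability, Reliability and Security (ARES)},
  year      = {2006},
  month     = {1},
  pages     = {366--373},
  publisher = {IEEE Computer Society},
}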
-
Stefan Biffl and Thomas Neubauer, "Geschäftsprozessmanagement -Eine empirische Studie zum Status quo in Österreich, der Schweiz und Deutschland,"
OCG Journal, vol. 5, 2005.
BibTeX
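@article{Neubauer_GeschaftsprozessmanagementEineempirische_2005,
  author  = {Biffl, Stefan and Neubauer, Thomas},
  title   = {Gesch{\"a}ftsprozessmanagement -- {Eine} empirische {Studie} zum {Status} quo in {{\"O}sterreich}, der {Schweiz} und {Deutschland}},
  journal = {{OCG} Journal},
  year    = {2005},
  month   = {1},
  volume  = {5},
}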
-
Markus Klemen and Stefan Biffl and Thomas Neubauer, "Business Process-based Valuation of IT-Security," in
International ACM Conference on Software Engineering, Proceedings of the seventh international workshop on economics-driven software engineering research (EDSER’05), 2005.
BibTeX
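@inproceedings{Neubauer_BusinessProcessbasedValuation_2005,
  author    = {Klemen, Markus and Biffl, Stefan and Neubauer, Thomas},
  title     = {Business {Process-based} {Valuation} of {IT-Security}},
  booktitle = {International {ACM} Conference on Software Engineering, Proceedings of the seventh international workshop on economics-driven software engineering research ({EDSER}'05)},
  year      = {2005},
  month     = {1},
}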
-
Thomas Neubauer, "Value-Based Decision Support in Software Engineering," in
Proceedings of the Alpine Software Engineering Workshop 2004, 2004.
BibTeX
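@inproceedings{Neubauer_ValueBasedDecisionSupport_2004,
  author    = {Neubauer, Thomas},
  title     = {{Value-Based} {Decision} {Support} in {Software} {Engineering}},
  booktitle = {Proceedings of the Alpine Software Engineering Workshop 2004},
  year      = {2004},
  month     = {1},
}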