Gernot Goluch

was head of the Applied Research program at SBA Research (sbaPRIME/Trainings/Whitepapers etc.)

Research Interest

His research and work focus mainly on the sbaPRIME program and SBA trainings, as well as on concepts of software security and development life cycle topics. Additionally, he is still involved in topics and research regarding security analysis and testing as well as advanced malware protection.

Bio

He received a master’s degree in Business Informatics from the TU Wien and gained several industry certificates, such as the CISSP and CSSLP (both ISC2) or ÖNORM A7700 auditor, during his security-related work in the last years.

Top Publications:

  • An Empirical investigation on the Visualization of Temporal Uncertainties in Software Engineering Project Planning (2005)
    • INPROCEEDINGS
    • Stefan Biffl and Gernot Goluch and Silvia Miksch and Bettina Thurnher and Dietmar Winkler and Wolfgang Aigner
    • Proceedings of 5th ACM-IEEE International Symposium on Empirical Software Engineering
    @INPROCEEDINGS{Biffl_EmpiricalinvestigationVisualization_2005,
       author = {Stefan Biffl and Gernot Goluch and Silvia Miksch and Bettina Thurnher and Dietmar Winkler and Wolfgang Aigner},
       title = {An Empirical investigation on the Visualization of Temporal Uncertainties in Software Engineering Project Planning},
       booktitle = {Proceedings of 5th ACM-IEEE International Symposium on Empirical Software Engineering},
       year = {2005},
       month = {1},
    }
  • Architectural approach for handling semi-structured data in a user-centered working environment (2007)
    • ARTICLE
    • Andreas Ekelhart and Stefan Fenz and Gernot Goluch and Markus Klemen and Edgar R. Weippl
    • International Journal of Web Information Systems
    @ARTICLE{Ekelhart_Architecturalapproachhandling_2007,
       author = {Andreas Ekelhart and Stefan Fenz and Gernot Goluch and Markus Klemen and {Edgar R.} Weippl},
       title = {Architectural approach for handling semi-structured data in a user-centered working environment},
       journal = {International Journal of Web Information Systems},
       year = {2007},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Ekelhart - Architectural Approach for Handling Semi-Structured Data in a User-Centered Working Environment.pdf},
       volume = {3},
       pages = {198--211},
    }
  • Ontological Mapping of Common Criterias Security Assurance Requirements (2007)
    • INPROCEEDINGS
    • Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Gernot Goluch
    • New Approaches for Security, Privacy and Trust in Complex Environments, Proceedings of the IFIP TC 11 22nd International Information Security Conference, IFIPSEC2007, May 14-16
    @INPROCEEDINGS{Ekelhart_OntologicalMappingof_2007,
       author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch},
       title = {Ontological Mapping of Common Criterias Security Assurance Requirements},
       booktitle = {New Approaches for Security,
       Privacy and Trust in Complex Environments,
       Proceedings of the IFIP TC 11 22nd International Information Security Conference,
       IFIPSEC2007,
       May 14-16},
       year = {2007},
       month = {5},
       abstract = {The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool,
       which is based on an ontological representation of the CC catalog,
       to support the evaluator at the certification process. Tasks such as the planning of an evaluation process,
       the review of relevant documents or the creating of reports are supported by the CC Ontology tool. With the development of this tool we reduce the time and costs needed to complete a certification.},
       volume = {232_2007},
       pages = {85-95},
       publisher = {International Federation for Information Processing},
       note = {978-0-387-72366-2},
    }
  • XML Security - A comparative literature review (2008)
    • ARTICLE
    • Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Gernot Goluch and Markus Steinkellner
    • Journal of Systems and Software
    @ARTICLE{Ekelhart_XMLSecurity_2008,
       author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch and Markus Steinkellner},
       authorhotlist = {true},
       title = {XML Security - A comparative literature review},
       journal = {Journal of Systems and Software},
       year = {2008},
       month = {1},
       volume = {81},
       pages = {1715-1724},
       note = {ISSN: 0164-1212},
    }
  • Information Security Fortification by Ontological Mapping of the ISO IEC 27001 Standard (2007)
    • INPROCEEDINGS
    • Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Gernot Goluch and Bernhard Riedl
    • Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing, PRDC2007
    @INPROCEEDINGS{Fenz_InformationSecurityFortification_2007,
       author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch and Bernhard Riedl},
       title = {Information Security Fortification by Ontological Mapping of the ISO IEC 27001 Standard},
       booktitle = {Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing,
       PRDC2007},
       year = {2007},
       month = {12},
       pages = {381-388},
       publisher = {IEEE Computer Society},
       note = {0-7695-3054-0},
    }
  • CASSIS - Computer-based Academy for Security and Safety in Information Systems (2007)
    • INPROCEEDINGS
    • Gernot Goluch and Andreas Ekelhart and Stefan Fenz and Stefan Jakoubi and Bernhard Riedl and Simon Tjoa
    • Proceedings of the 2nd Conference on Availability, Reliability and Security, ARES2007
    @INPROCEEDINGS{Goluch_CASSISComputerbased_2007,
       author = {Gernot Goluch and Andreas Ekelhart and Stefan Fenz and Stefan Jakoubi and Bernhard Riedl and Simon Tjoa},
       title = {CASSIS - Computer-based Academy for Security and Safety in Information Systems},
       booktitle = {Proceedings of the 2nd Conference on Availability,
       Reliability and Security,
       ARES2007},
       year = {2007},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Goluch - CASSIS.pdf},
       pages = {730--740},
       publisher = {IEEE Computer Society},
    }
  • Integration of an Ontological Information Security Concept in Risk Aware Business Process Management (2008)
    • INPROCEEDINGS
    • Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck
    • Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008
    @INPROCEEDINGS{Goluch_IntegrationofOntological_2008,
       author = {Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck},
       authorhotlist = {true},
       title = {Integration of an Ontological Information Security Concept in Risk Aware Business Process Management},
       booktitle = {Proceedings of the 41st Hawaii International Conference on System Sciences,
       HICSS2008},
       year = {2008},
       month = {1},
       pages = {377-385},
       publisher = {IEEE Computer Society},
       note = {978-0-7695-3075-8},
    }
  • Nichtabstreitbarkeit und Audits in ELearning (2006)
    • INPROCEEDINGS
    • Edgar R. Weippl and Gernot Goluch
    • IRIS 2006
    @INPROCEEDINGS{Goluch_NichtabstreitbarkeitundAudits_2006,
       author = {{Edgar R.} Weippl and Gernot Goluch},
       title = {Nichtabstreitbarkeit und Audits in ELearning},
       booktitle = {IRIS 2006},
       year = {2006},
       month = {1},
    }
  • Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation (2008)
    • INPROCEEDINGS
    • Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi
    • Proceedings of the 16th European Conference on Information Systems (ECIS)
    @INPROCEEDINGS{Jakoubi_DerivingResourceRequirements_2008,
       author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation},
       booktitle = {Proceedings of the 16th European Conference on Information Systems (ECIS)},
       year = {2008},
       month = {1},
       abstract = {Today,
       companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements,
       companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper,
       we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore,
       we introduce an example scenario to clarify how a company can benefit from applying these extensions.},
    }
  • A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management (2009)
    • INPROCEEDINGS
    • Stefan Jakoubi and Simon Tjoa and Gernot Goluch and Gerald Quirchmayr
    • International Workshop on Database and Expert Systems Applications
    @INPROCEEDINGS{Jakoubi_SurveyofScientific_2009,
       author = {Stefan Jakoubi and Simon Tjoa and Gernot Goluch and Gerald Quirchmayr},
       authorhotlist = {true},
       title = {A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management},
       booktitle = {International Workshop on Database and Expert Systems Applications},
       year = {2009},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Jakoubi_SurveyofScientific_2009.pdf},
       pages = {127--132},
       publisher = {IEEE Computer Society},
    }
  • A Process Model for RFID based Business Process Analysis (2009)
    • INPROCEEDINGS
    • Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser
    • APSCC
    @INPROCEEDINGS{Neubauer_ProcessModelRFID_2009,
       author = {Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser},
       authorhotlist = {true},
       title = {A Process Model for RFID based Business Process Analysis},
       booktitle = {APSCC},
       year = {2009},
       month = {1},
    }
  • A Research Agenda for Autonomous Business Process Management (2007)
    • INPROCEEDINGS
    • Gernot Goluch and Thomas Neubauer and Bernhard Riedl
    • Proceedings of the Second International Conference on Availability, Reliability and Security ARES
    @INPROCEEDINGS{Neubauer_ResearchAgendaAutonomous_2007,
       author = {Gernot Goluch and Thomas Neubauer and Bernhard Riedl},
       title = {A Research Agenda for Autonomous Business Process Management},
       booktitle = {{P}roceedings of the {S}econd {I}nternational {C}onference on {A}vailability,
       {R}eliability and {S}ecurity {ARES}},
       year = {2007},
       month = {1},
       publisher = {IEEE Computer Society},
    }
  • Comparative Literature Review on RFID Security and Privacy (2007)
    • INPROCEEDINGS
    • Edgar R. Weippl and Gernot Goluch and Bernhard Riedl and Stefan Poechlinger
    • Proceedings of The 9th International Conference on Information Integration and Web-based Applications and Services (iiWAS2007)
    @INPROCEEDINGS{Riedl_ComparativeLiteratureReview_2007,
       author = {{Edgar R.} Weippl and Gernot Goluch and Bernhard Riedl and Stefan Poechlinger},
       title = {Comparative Literature Review on RFID Security and Privacy},
       booktitle = {Proceedings of The 9th International Conference on Information Integration and Web-based Applications and Services (iiWAS2007)},
       year = {2007},
       month = {1},
    }
  • A secure architecture for the pseudonymization of medical data (2007)
    • INPROCEEDINGS
    • Gernot Goluch and Thomas Neubauer and Bernhard Riedl and Oswald Boehm and Gert Reinauer and Alexander Krumboeck
    • Proceedings of the Second International Conference on Availability, Reliability and Security (ARES)
    @INPROCEEDINGS{Riedl_securearchitecturepseudonymization_2007,
       author = {Gernot Goluch and Thomas Neubauer and Bernhard Riedl and Oswald Boehm and Gert Reinauer and Alexander Krumboeck},
       title = {A secure architecture for the pseudonymization of medical data},
       booktitle = {Proceedings of the Second International Conference on Availability,
       Reliability and Security (ARES)},
       year = {2007},
       month = {1},
       pages = {318-324},
    }
  • A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation (2010)
    • ARTICLE
    • Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr
    • IEEE Transactions on Services Computing
    @ARTICLE{Tjoa2010a,
       author = {Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr},
       title = {A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation},
       journal = {IEEE Transactions on Services Computing},
       year = {2010},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Tjoa_TSC2010.pdf},
    }
  • Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support (2008)
    • INPROCEEDINGS
    • Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi
    • The 22st International Conference on Advanced Information Networking and Applications
    @INPROCEEDINGS{Tjoa_ExtensionofMethodology_2008,
       author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi},
       title = {Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support},
       booktitle = {The 22st International Conference on Advanced Information Networking and Applications},
       year = {2008},
       month = {1},
       abstract = {Increasingly,
       companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT,
       it is essential to establish effective incident handling. In this paper,
       we introduce new extensions of the risk-aware business process management framework ROPE (Risk- Oriented Process Evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).},
       publisher = {IEEE Society},
    }
  • Semantic Storage: A Report on Performance and Flexibility (2005)
    • INPROCEEDINGS
    • Edgar R. Weippl and Markus Klemen and Manfred Linnert and Stefan Fenz and Gernot Goluch and A Min Tjoa
    • Database and Expert Systems Applications, 16th International Conference, DEXA 2005
    @INPROCEEDINGS{Weippl_SemanticStorageReport_2005,
       author = {{Edgar R.} Weippl and Markus Klemen and Manfred Linnert and Stefan Fenz and Gernot Goluch and {A Min} Tjoa},
       title = {Semantic Storage: A Report on Performance and Flexibility},
       booktitle = {Database and Expert Systems Applications,
       16th International Conference,
       DEXA 2005},
       year = {2005},
       month = {8},
       abstract = {Desktop search tools are becoming more popular. They have to deal with increasing amounts of locally stored data. Another approach is to analyze the semantic relationship between collected data in order to preprocess the data semantically. The goal is to allow searches based on relationships between various objects instead of focusing on the name of objects. We introduce a database architecture based on an existing software prototype,
       which is capable of meeting the various demands for a semantic information manager. We describe the use of an association table which stores the relationships between events. It enables adding or removing data items easily without the need for schema modifications. Existing optimization techniques of RDBMS can still be used.},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2005-Weippl.pdf},
       volume = {3588_2005},
       pages = {586-595},
       publisher = {Springer Berlin Heidelberg},
    }
  • An Empirical Study On Integrating Analytical Quality Assurance Into Pair Programming (2006)
    • INPROCEEDINGS
    • Stefan Biffl and Gernot Goluch and Dietmar Winkler and Ramona Varvaroi
    • Proceedings of 5th ACM-IEEE International Symposium on Empirical Software Engineering
    @INPROCEEDINGS{Winkler_EmpiricalStudyIntegrating_2006,
       author = {Stefan Biffl and Gernot Goluch and Dietmar Winkler and Ramona Varvaroi},
       title = {An Empirical Study On Integrating Analytical Quality Assurance Into Pair Programming},
       booktitle = {Proceedings of 5th ACM-IEEE International Symposium on Empirical Software Engineering},
       year = {2006},
       month = {1},
    }
