Stefan Jakoubi is head of Professional Services.

He has been working in information security for over ten years and established himself as a “security architect” for his – often longstanding – customers. One of his favorite activities is to give security awareness talks.

  • Phone: +43 (1) 505 36 88 – 1301
  • Fax: +43 (1) 505 88 88

Research Interests

His research and work focus mainly on security governance, with special focus on the interconnection between business requirements and information security risks, leading to secure business processes.

His core consulting activities comprise:

  • Secure business processes
  • Information security management systems (ISMS)
  • ISO27001 gap analysis and certification advisory
  • IT/IS audit
  • Information risk management
  • Security awareness

Bio

He received a master’s degree in Business Informatics from the University of Vienna and gained several industry certificates, such as CISA and AMBCI, during his security-related work in recent years.

  • CASSIS - Computer-based Academy for Security and Safety in Information Systems (2007)
    • Gernot Goluch and Andreas Ekelhart and Stefan Fenz and Stefan Jakoubi and Bernhard Riedl and Simon Tjoa
    • Proceedings of the 2nd Conference on Availability, Reliability and Security, ARES2007
    @INPROCEEDINGS{Goluch_CASSISComputerbased_2007,
       author = {Gernot Goluch and Andreas Ekelhart and Stefan Fenz and Stefan Jakoubi and Bernhard Riedl and Simon Tjoa},
       title = {CASSIS - Computer-based Academy for Security and Safety in Information Systems},
       booktitle = {Proceedings of the 2nd Conference on Availability, Reliability and Security, ARES2007},
       year = {2007},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/2007 - Goluch - CASSIS.pdf},
       pages = {730--740},
       publisher = {IEEE Computer Society},
    }
  • Integration of an Ontological Information Security Concept in Risk Aware Business Process Management (2008)
    • Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck
    • Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008
    @INPROCEEDINGS{Goluch_IntegrationofOntological_2008,
       author = {Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck},
       authorhotlist = {true},
       title = {Integration of an Ontological Information Security Concept in Risk Aware Business Process Management},
       booktitle = {Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008},
       year = {2008},
       month = {1},
       pages = {377-385},
       publisher = {IEEE Computer Society},
       note = {978-0-7695-3075-8},
    }
  • Risk-Aware Business Process Management: Establishing the Link Between Business and Security (2010)
    • Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler
    • Complex Intelligent Systems and Their Applications
    @INPROCEEDINGS{Jakoubi_CISTA_2010,
       author = {Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler},
       title = {Risk-Aware Business Process Management: Establishing the Link Between Business and Security},
       booktitle = {Complex Intelligent Systems and Their Applications},
       year = {2010},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Jakoubi_CISTA_2010.pdf},
       volume = {41},
       pages = {109-135},
       publisher = {Springer New York},
    }
  • Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation (2008)
    • Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi
    • Proceedings of the 16th European Conference on Information Systems (ECIS)
    @INPROCEEDINGS{Jakoubi_DerivingResourceRequirements_2008,
       author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation},
       booktitle = {Proceedings of the 16th European Conference on Information Systems (ECIS)},
       year = {2008},
       month = {1},
       abstract = {Today, companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper, we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore, we introduce an example scenario to clarify how a company can benefit from applying these extensions.},
    }
  • Enabling the Risk-Aware Modeling and Simulation of Business Processes (2007)
    • Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi
    • JISSec - Journal of Information System Security
    @ARTICLE{Jakoubi_EnablingRiskAwareModeling_2007,
       author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi},
       title = {Enabling the Risk-Aware Modeling and Simulation of Business Processes},
       journal = {JISSec - Journal of Information System Security},
       year = {2007},
       month = {1},
       abstract = {Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management provides the design of robust business processes to strengthen the resilience of daily business. Both domains aim at improving business performance, but they approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method which integrates both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats, preventive and reactive counter measures as well as recovery measures. In this paper we demonstrate how risk-aware business process management and simulation can be enabled through the application of the ROPE methodology.},
    }
  • A Reference Model for Risk-Aware Business Process Management (2009)
    • Stefan Jakoubi and Simon Tjoa
    • International Conference on Risks and Security of Internet and Systems
    @INPROCEEDINGS{Jakoubi_ReferenceModelRiskAware_2009,
       author = {Stefan Jakoubi and Simon Tjoa},
       authorhotlist = {true},
       title = {A Reference Model for Risk-Aware Business Process Management},
       booktitle = {International Conference on Risks and Security of Internet and Systems},
       year = {2009},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Jakoubi_ReferenceModelRiskAware_2009 (2).pdf},
       publisher = {IEEE},
    }
  • Risk-Aware Business Process Management: Establishing the Link Between Business and Security (2010)
    • Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler
    • Springer New York
    @INBOOK{Jakoubi_Risk_Aware_Business_Process_Ma_2010,
       author = {Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler},
       title = {Risk-Aware Business Process Management: Establishing the Link Between Business and Security},
       booktitle = {Complex Intelligent Systems and Their Applications},
       year = {2010},
       month = {8},
       volume = {41},
       pages = {109-135},
       publisher = {Springer New York},
       note = {Book},
    }
  • A Roadmap to Risk-Aware Business Process Management (2009)
    • Simon Tjoa and Thomas Neubauer and Stefan Jakoubi
    • APSCC
    @INPROCEEDINGS{Jakoubi_RoadmaptoRiskAware_2009,
       author = {Simon Tjoa and Thomas Neubauer and Stefan Jakoubi},
       authorhotlist = {true},
       title = {A Roadmap to Risk-Aware Business Process Management},
       booktitle = {APSCC},
       year = {2009},
       month = {1},
    }
  • ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes (2007)
    • Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi
    • Proceedings of the 15th European Conference on Information Systems (ECIS 2007)
    @INPROCEEDINGS{Jakoubi_ROPEMethodologyEnabling_2007,
       author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes},
       booktitle = {Proceedings of the 15th European Conference on Information Systems (ECIS 2007)},
       year = {2007},
       month = {1},
       abstract = {Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management designs robust business processes to strengthen the resilience of daily business. Both domains try to improve business, but both approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method that unites both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination are the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats as well as security, counter and recovery measures. In this paper we demonstrate how to enable risk-aware business process management and simulation through the application of the ROPE methodology.},
    }
  • A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management (2009)
    • Stefan Jakoubi and Simon Tjoa and Gernot Goluch and Gerald Quirchmayr
    • International Workshop on Database and Expert Systems Applications
    @INPROCEEDINGS{Jakoubi_SurveyofScientific_2009,
       author = {Stefan Jakoubi and Simon Tjoa and Gernot Goluch and Gerald Quirchmayr},
       authorhotlist = {true},
       title = {A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management},
       booktitle = {International Workshop on Database and Expert Systems Applications},
       year = {2009},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Jakoubi_SurveyofScientific_2009.pdf},
       pages = {127--132},
       publisher = {IEEE Computer Society},
    }
  • A Process Model for RFID based Business Process Analysis (2009)
    • Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser
    • APSCC
    @INPROCEEDINGS{Neubauer_ProcessModelRFID_2009,
       author = {Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser},
       authorhotlist = {true},
       title = {A Process Model for RFID based Business Process Analysis},
       booktitle = {APSCC},
       year = {2009},
       month = {1},
    }
  • A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation (2010)
    • Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr
    • IEEE Transactions on Services Computing
    @ARTICLE{Tjoa2010a,
       author = {Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr},
       title = {A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation},
       journal = {IEEE Transactions on Services Computing},
       year = {2010},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Tjoa_TSC2010.pdf},
    }
  • ARES Conference Proceedings (2008)
    • Edgar R. Weippl and Simon Tjoa and Stefan Jakoubi
    • IEEE
    @BOOK{Tjoa_ARESConferenceProceedings_2008,
       author = {{Edgar R.} Weippl and Simon Tjoa and Stefan Jakoubi},
       title = {ARES Conference Proceedings},
       year = {2008},
       month = {1},
       publisher = {IEEE},
    }
  • A Formal Approach Towards Risk-Aware Service Level Analysis and Planning (2010)
    • Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler
    • 2010 International Conference on Availability, Reliability and Security
    @INPROCEEDINGS{Tjoa_A_Formal_Approach_Towards_Risk_2010,
       author = {Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler},
       title = {A Formal Approach Towards Risk-Aware Service Level Analysis and Planning},
       booktitle = {2010 International Conference on Availability, Reliability and Security},
       year = {2010},
       month = {2},
       pages = {180-187},
    }
  • Enhancing Business Impact Analysis and Risk Assessment applying a Risk-Aware Business Process Modeling and Simulation Methodology (2008)
    • Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi
    • Proceedings of the 3rd International Conference on Availability, Reliability and Security
    @INPROCEEDINGS{Tjoa_EnhancingBusinessImpact_2008,
       author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi},
       title = {Enhancing {B}usiness {I}mpact {A}nalysis and {R}isk {A}ssessment applying a {R}isk-{A}ware {B}usiness {P}rocess {M}odeling and {S}imulation {M}ethodology},
       booktitle = {Proceedings of the 3rd {I}nternational {C}onference on {A}vailability, {R}eliability and {S}ecurity},
       year = {2008},
       month = {1},
       abstract = {Driven by the steadily growing number of natural disasters, the threat of terrorist and other criminal attacks as well as changed legislation and regulations, companies are increasingly forced to prepare against threats that endanger the survivability of crucial business activities. As a consequence, management has to pay more attention to business continuity issues including serious management commitment and more appropriate funding. Business impact analysis and risk assessment concepts enable adequate business continuity planning as they deliver essential information about the impact of resources' disruption on business. In this paper we present how these concepts can be enhanced through the application of the ROPE (Risk-Oriented Process Evaluation) methodology enabling risk-aware business process management and simulation. Moreover, we present essential extensions of the ROPE simulation capabilities leading to a more efficient and effective business continuity planning.},
    }
  • Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support (2008)
    • Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi
    • The 22nd International Conference on Advanced Information Networking and Applications
    @INPROCEEDINGS{Tjoa_ExtensionofMethodology_2008,
       author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi},
       title = {Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support},
       booktitle = {The 22nd International Conference on Advanced Information Networking and Applications},
       year = {2008},
       month = {1},
       abstract = {Increasingly, companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT, it is essential to establish effective incident handling. In this paper, we introduce new extensions of the risk-aware business process management framework ROPE (Risk-Oriented Process Evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).},
       publisher = {IEEE Society},
    }
  • Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach (2010)
    • Simon Tjoa and Stefan Jakoubi and Sigrun Goluch and Gerhard Kitzler
    • 2010 International Conference on Availability, Reliability and Security
    @INPROCEEDINGS{Tjoa_Planning_Dynamic_Activity_and__2010,
       author = {Simon Tjoa and Stefan Jakoubi and Sigrun Goluch and Gerhard Kitzler},
       title = {Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach},
       booktitle = {2010 International Conference on Availability, Reliability and Security},
       year = {2010},
       month = {2},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Tjoa_ARES2010_dynamic.pdf},
       pages = {268-274},
    }
