Gerald Quirchmayr

is a member of the scientific board of SBA Research and Professor at the University of Vienna.

Research Interest

His major research focus is on information systems in business and government with a special interest in security, applications, formal representations of decision making and legal issues.

Bio

Gerald Quirchmayr holds doctoral degrees in computer science and law from Johannes Kepler University in Linz (Austria) and is currently Professor in the Multimedia Systems Research Group of the Faculty of Computer Science at the University of Vienna.

In 2001/2002 he held a Chair in Computer and Information Systems at the University of South Australia. He first joined the University of Vienna in 1993 from the Institute of Computer Science at Johannes Kepler University in Linz (Austria) where he had previously been teaching. In 1989/1990 he taught at the University of Hamburg (Germany). His wide international experience ranges from the participation in international teaching and research projects, very often UN- and EU-based, several research stays at universities and research centres in the US, Asia and EU Member States to extensive teaching in EU staff exchange programs in the United Kingdom, Sweden, Finland, Germany, Spain, and Greece, as well as teaching stays in the Czech Republic and Poland. International teaching and specialist missions include UN-coordinated activities in Egypt, Russia and the Republic of Korea.

He has served as a member of program committees of many international conferences, chaired several of them, has contributed as reviewer to scientific journals and has also served on editorial boards. He is a member of the Austrian and German computer societies and a member of IFIP working groups. For his contributions to the international IT community he received the IFIP Silver Core Award in 1995. His major research focus is on information systems in business and government with a special interest in security, applications, formal representations of decision making and legal issues. His publication record comprises approximately 150 peer-reviewed papers plus several edited books and conference proceedings as well as nationally and internationally published project reports.

In July 2002 he was appointed as Adjunct Professor at the School of Computer and Information Science of the University of South Australia. From January 2005 until January December 2010 he headed the Department of Distributed and Multimedia Systems, Faculty of Computer Science, at the University of Vienna and served as Vice Dean of the Faculty of Computer Science from October 2008 until October 2010. Since January 2011 he has served as deputy head of the Multimedia Systems Research Group. In 2011 he was appointed as Deputy Director of the Doctoral Studies Programme Natural and Technical Sciences and has served as the programme's Director since October 2014.

For more information please see: http://cs.univie.ac.at/mis-team/infpers/Gerald_Quirchmayr/

Publications

See: http://cs.univie.ac.at/mis-team/infpers/Gerald_Quirchmayr/

Top Publications:

  • Cloud-Sicherheit. Leitfaden für Behörden und Klein- und Mittelbetriebe (2014)
    • INBOOK--
    • Stefan Fenz and Johannes Heurix and Thomas Neubauer and A Min Tjoa and Gerald Quirchmayr and Alexander Schatten and E. Neuhold and J. Goellner and C. Meurers and W. Hitz
    • -
    @INBOOK{Fenz2014CloudSicherheit,
       author = {Stefan Fenz and Johannes Heurix and Thomas Neubauer and {A Min} Tjoa and Gerald Quirchmayr and Alexander Schatten and E. Neuhold and J. Goellner and C. Meurers and W. Hitz},
       title = {Cloud-Sicherheit. Leitfaden für Behörden und Klein- und Mittelbetriebe},
       booktitle = {Schriftenreihe der Landesverteidigungsakademie,
       Landesverteidigungsakademie},
       year = {2014},
       month = {0},
       pdf = {http://www.bundesheer.at/pdf_pool/publikationen/08_cs.pdf},
    }
  • Evaluation criteria for cloud computing based on the upcoming European data protection regulation (2014)
    • INPROCEEDINGS--
    • Manfred Halper and Stefan Fenz and J. Goellner and Gerald Quirchmayr
    • 2014 Civilisation at the Crossroads Response and Responsibility of the Systems Sciences
    @INPROCEEDINGS{Halper2014Evaluation,
       author = {Manfred Halper and Stefan Fenz and J. Goellner and Gerald Quirchmayr},
       title = {Evaluation criteria for cloud computing based on the upcoming European data protection regulation},
       booktitle = {2014 Civilisation at the Crossroads Response and Responsibility of the Systems Sciences},
       year = {2014},
       month = {4},
    }
  • Wissensmanagement bei CERTs – eine europäische Herausforderung, in Risiken kennen, Herausforderungen annehmen, Lösungen gestalten (2015)
    • INPROCEEDINGS--
    • Edith Huber and Gerald Quirchmayr and Otto Hellwig
    • 14. Deutscher IT-Sicherheitskongress des BSI
    @INPROCEEDINGS{Huber2015Wissensmanagement,
       author = {Edith Huber and Gerald Quirchmayr and Otto Hellwig},
       title = {Wissensmanagement bei CERTs – eine europäische Herausforderung,
       in Risiken kennen,
       Herausforderungen annehmen,
       Lösungen gestalten},
       booktitle = {14. Deutscher IT-Sicherheitskongress des BSI},
       year = {2015},
       month = {5},
    }
  • Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation (2008)
    • INPROCEEDINGS-true
    • Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi
    • Proceedings of the 16th European Conference on Information Systems (ECIS)
    @INPROCEEDINGS{Jakoubi_DerivingResourceRequirements_2008,
       author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation},
       booktitle = {Proceedings of the 16th European Conference on Information Systems (ECIS)},
       year = {2008},
       month = {1},
       abstract = {Today,
       companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements,
       companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper,
       we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore,
       we introduce an example scenario to clarify how a company can benefit from applying these extensions.},
    }
    Today, companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper, we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore, we introduce an example scenario to clarify how a company can benefit from applying these extensions.
  • Enabling the Risk-Aware Modeling and Simulation of Business Processes (2007)
    • ARTICLE-true
    • Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi
    • JISSec - Journal of Information System Security
    @ARTICLE{Jakoubi_EnablingRiskAwareModeling_2007,
       author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {Enabling the Risk-Aware Modeling and Simulation of Business Processes},
       journal = {JISSec - Journal of Information System Security},
       year = {2007},
       month = {1},
       abstract = {Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges,
       companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that,
       risk management provides the design of robust business processes to strengthen the resilience of daily business. Both domains aim at improving business performance,
       but they approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory,
       we propose one unified method which integrates both points of views to enable risk-aware business process management and optimization. In this paper,
       we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management,
       risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions,
       Actions,
       Resources and Environments) and a process-oriented way of modeling threats,
       preventive and reactive counter measures as well as recovery measures. In this paper we demonstrate how risk-aware business process management and simulation can be enabled through the application of the ROPE methodology.},
    }
    Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management provides the design of robust business processes to strengthen the resilience of daily business. Both domains aim at improving business performance, but they approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method which integrates both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats, preventive and reactive counter measures as well as recovery measures. In this paper we demonstrate how risk-aware business process management and simulation can be enabled through the application of the ROPE methodology.
  • ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes (2007)
    • INPROCEEDINGS-true
    • Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi
    • Proceedings of the 15th European Conference on Information Systems (ECIS 2007)
    @INPROCEEDINGS{Jakoubi_ROPEMethodologyEnabling_2007,
       author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes},
       booktitle = {Proceedings of the 15th European Conference on Information Systems (ECIS 2007)},
       year = {2007},
       month = {1},
       abstract = {Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges,
       companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that,
       risk management designs robust business processes to strengthen the resilience of daily business. Both domains try to improve business,
       but both approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory,
       we propose one unified method that unites both points of views to enable risk-aware business process management and optimization. In this paper,
       we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management,
       risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions,
       Actions,
       Resources and Environments) and a process-oriented way of modeling threats as well as security,
       counter and recovery measures. In this paper we demonstrate how to enable risk-aware business process management and simulation through the application of the ROPE methodology.},
    }
    Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management designs robust business processes to strengthen the resilience of daily business. Both domains try to improve business, but both approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method that unites both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats as well as security, counter and recovery measures. In this paper we demonstrate how to enable risk-aware business process management and simulation through the application of the ROPE methodology.
  • A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management (2009)
    • INPROCEEDINGS-true
    • Stefan Jakoubi and Simon Tjoa and Gernot Goluch and Gerald Quirchmayr
    • International Workshop on Database and Expert Systems Applications
    @INPROCEEDINGS{Jakoubi_SurveyofScientific_2009,
       author = {Stefan Jakoubi and Simon Tjoa and Gernot Goluch and Gerald Quirchmayr},
       authorhotlist = {true},
       title = {A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management},
       booktitle = {International Workshop on Database and Expert Systems Applications},
       year = {2009},
       month = {1},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Jakoubi_SurveyofScientific_2009.pdf},
       pages = {127--132},
       publisher = {IEEE Computer Society},
    }
  • Towards a CERT-Communication Model as Basis to Software Assurance (2015)
    • INPROCEEDINGS--
    • Gerald Quirchmayr and Otto Hellwig and Edith Huber and Markus Huber and Timo Mischitz
    • 10th International Conference on Availability, Reliability and Security (ARES), 2015
    @INPROCEEDINGS{Quirchmayr2015Towards,
       author = {Gerald Quirchmayr and Otto Hellwig and Edith Huber and Markus Huber and Timo Mischitz},
       title = {Towards a CERT-Communication Model as Basis to Software Assurance},
       booktitle = {10th International Conference on Availability,
       Reliability and Security (ARES),
       2015},
       year = {2015},
       month = {8},
       pdf = {https://www.researchgate.net/profile/Edith_Huber2/publication/280232144_Towards_a_CERT-Communication_Model_as_Basis_to_Software_Assurance/links/55dec1fd08ae79830bb59139.pdf},
    }
  • A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation (2010)
    • ARTICLE--
    • Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr
    • IEEE Transactions on Services Computing
    @ARTICLE{Tjoa2010a,
       author = {Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr},
       title = {A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation},
       journal = {IEEE Transactions on Services Computing},
       year = {2010},
       month = {4},
       pdf = {https://www.sba-research.org/wp-content/uploads/publications/Tjoa_TSC2010.pdf},
    }
  • Enhancing Business Impact Analysis and Risk Assessment applying a Risk-Aware Business Process Modeling and Simulation Methodology (2008)
    • INPROCEEDINGS-true
    • Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi
    • Proceedings of the 3rd International Conference on Availability, Reliability and Security
    @INPROCEEDINGS{Tjoa_EnhancingBusinessImpact_2008,
       author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {Enhancing {B}usiness {I}mpact {A}nalysis and {R}isk {A}ssessment applying a {R}isk-{A}ware {B}usiness {P}rocess {M}odeling and {S}imulation {M}ethodology},
       booktitle = {Proceedings of the 3rd {I}nternational {C}onference on {A}vailability,
       {R}eliability and {S}ecurity},
       year = {2008},
       month = {1},
       abstract = {Driven by the steadily growing number of natural disasters,
       the threat of terrorist and other criminal attacks as well as changed legislation and regulations,
       companies are increasingly forced to prepare against threats that endanger the survivability of crucial business activities. As a consequence,
       management has to pay more attention to business continuity issues including serious management commitment and more appropriate funding. Business impact analysis and risk assessment concepts enable adequate business continuity planning as they deliver essential information about the impact of resources' disruption on business. In this paper we present how these concepts can be enhanced through the application of the ROPE (Risk-Oriented Process Evaluation) methodology enabling risk-aware business process management and simulation. Moreover,
       we present essential extensions of the ROPE simulation capabilities leading to a more efficient and effective business continuity planning.},
    }
    Driven by the steadily growing number of natural disasters, the threat of terrorist and other criminal attacks as well as changed legislation and regulations, companies are increasingly forced to prepare against threats that endanger the survivability of crucial business activities. As a consequence, management has to pay more attention to business continuity issues including serious management commitment and more appropriate funding. Business impact analysis and risk assessment concepts enable adequate business continuity planning as they deliver essential information about the impact of resources' disruption on business. In this paper we present how these concepts can be enhanced through the application of the ROPE (Risk-Oriented Process Evaluation) methodology enabling risk-aware business process management and simulation. Moreover, we present essential extensions of the ROPE simulation capabilities leading to a more efficient and effective business continuity planning.
  • Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support (2008)
    • INPROCEEDINGS-true
    • Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi
    • The 22nd International Conference on Advanced Information Networking and Applications
    @INPROCEEDINGS{Tjoa_ExtensionofMethodology_2008,
       author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi},
       authorhotlist = {true},
       title = {Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support},
       booktitle = {The 22nd International Conference on Advanced Information Networking and Applications},
       year = {2008},
       month = {1},
       abstract = {Increasingly,
       companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT,
       it is essential to establish effective incident handling. In this paper,
       we introduce new extensions of the risk-aware business process management framework ROPE (Risk-Oriented Process Evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).},
       publisher = {IEEE Society},
    }
    Increasingly, companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT, it is essential to establish effective incident handling. In this paper, we introduce new extensions of the risk-aware business process management framework ROPE (Risk-Oriented Process Evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).
  • Die NIS-Richtlinie und der rechtliche Rahmen von CERTS (2017)
    • INPROCEEDINGS--
    • Christof Tschohl and Walter Hötzendorfer and Gerald Quirchmayr and Edith Huber and Otto Hellwig
    • IRIS 2017
    @INPROCEEDINGS{Tschohl2017NISRichtlinie,
       author = {Christof Tschohl and Walter Hötzendorfer and Gerald Quirchmayr and Edith Huber and Otto Hellwig},
       title = {Die NIS-Richtlinie und der rechtliche Rahmen von CERTS},
       booktitle = {IRIS 2017},
       year = {2017},
       month = {2},
       pdf = {https://www.researchgate.net/publication/314984411_DIE_NIS-RICHTLINIE_UND_DER_RECHTLICHE_RAHMEN_VON_CERTS},
    }
