Options
2020
Journal Article
Title
Value of data meets IT security - assessing IT security risks in data-driven value chains
Abstract
Digitalization forces manufacturing companies to shift towards customer-oriented, highly data-driven forms of value creation. This results in a changing IT security risk landscape as data becomes an attractive target for adversaries leading to an increasing number of attacks. In order to successfully protect data, it is essential that it is assessed in an integrated manner. Although IT security and data-based value creation have been studied by large research bodies, the existing literature fails to provide guidance on IT security risk analysis in data-based value chains. To contribute to the closure of this research gap, we propose a modeling approach which allocates different data types to value activities and analyses the data types in relation to the properties of relevant IT security risks. The evaluation, conducted with industry experts, reveals that it is not only a company's primary assets that are of concern but also less important data types subject to significant levels of exposure that bear considerable IT security risks.