References
- Baskerville, R. L., Kaul, M., & Storey, V. C. (2015). Genres of inquiry in design-science research: Justification and evaluation of knowledge production. Management Information Systems Quarterly, 39(3), 541–564. https://doi.org/https://doi.org/10.25300/MISQ
- Becker, J., Knackstedt, R., & Pöppelbuß, J. (2009). Developing maturity models for IT management—A procedure model and its application. Business & Information Systems Engineering, 1(3), 213–222. https://doi.org/https://doi.org/10.1007/s12599-009-0044-5
- Bertino, E., & Takahashi, K. (2011). Identity management. concepts, technologies, and systems (1st ed.). Artech House.
- Bradford, M., Earp, J. B., & Grabski, S. (2014). Centralized end-to-end identity and access management and ERP systems: A multi-case analysis using the technology organization environment framework. International Journal of Accounting Information Systems, 15(2), 149–165. https://doi.org/https://doi.org/10.1016/j.accinf.2014.01.003
- Bundesverband deutscher Banken e.V. (2014). Zahlen, Daten, Fakten der Kreditwirtschaft. Retrieved April 28, 2015, from https://bankenverband.de/media/publikationen/zahlen-daten.pdf
- Chrissis, M. B., Konrad, M., & Shrum, S. (2003). CMMI guidlines for process integration and product improvement. Addison-Wesley Longman Publishing Co., Inc.
- De Bruin, T., Rosemann, M., Freeze, R., & Kulkarni, U. (2005). Understanding the main phases of developing a maturity assessment model. In B. Campbell, J. Underwood, & D. Bunker (Eds.), Proceedings of the 16th Australasian Conference on Information Systems.
- Drechsler, A., & Hevner, A. R. (2018). Utilizing, producing, and contributing design knowledge in DSR projects. In S. Chatterjee, K. Dutta, & R. P. Sundarraj (Eds.), Designing for a digital and globalized world (pp. 82–97). Springer International Publishing.
- Ernst & Young. (2013). Identity and access management. Beyond compliance.
- Fairchild, A., & Ribbers, P. (2011). Privacy-enhancing identity management in business. In J. Camenisch, R. Leenes, & D. Sommer (Eds.), Digital privacy. PRIME - Privacy and identity management for Europe (pp. 107–129). Springer-Verlag.
- Fraser, P., Moultrie, J., & Gregory, M. (2002). The use of maturty models/grids as a tool in assessing product development capablity. 2002 IEEE International Engineering Management Conference. Proceedings (Vol. 1, pp. 244–249). IEEE. https://doi.org/https://doi.org/10.1016/s1568-9972(02)00058-7
- Gläser, J., & Laudel, G. (2010). Experteninterviews und qualitative Inhaltsanalyse (4th ed.). VS Verlag.
- Gregor, S., & Hevner, A. R. (2013). Positioning and presenting design science research for maximum impact. Management Information Systems Quarterly, 37(2), 337–A6. https://doi.org/https://doi.org/10.25300/MISQ
- Hevner, A., March, S. T., Park, J., & Ram, S. (2004). Design science in information systems research. Management Information Systems Quarterly, 28(1), 75–105. https://doi.org/https://doi.org/10.2307/25148625
- IDW, (Ed.) (2013). IDW auditing standard: The audit of financial statements in an information technology environment (IDW AuS 330). IDW Verlag GmbH.
- Iivari, J. (2015). Distinguishing and contrasting two strategies for design science research. European Journal of Information Systems, 24(1), 107–115. https://doi.org/https://doi.org/10.1057/ejis.2013.35
- ISO/IEC. (2013). ISO/IEC 27002:2013 Information technology—Security techniques—Code of practice for information security controls.
- Kerschberg, B. (2011, July 12). Data security and identity access management. Forbes Media LLC. Retrieved April 15, 2014, from http://www.forbes.com/sites/benkerschberg/2011/12/07/data-security-and-identity-access-management/
- Kuppinger, M. (2007). Identity management roadmap and maturity levels. Retrieved February 26, 2015, from https://www.id-conf.com/files/kuppingerroadmap.pdf
- Maxim, M., Cser, A., Balaouras, S., Schiano, S., & Dostie, P. (2016). The forrester identity management and governance maturity model. Forrester Research.
- Mettler, T. (2011). Maturity assessment models: A design science research approach. International Journal of Society Systems Science, 3(1–2), 81–98. https://doi.org/https://doi.org/10.1504/IJSSS.2011.038934
- Moeller, R. (2010). IT audit, control, and security (1st ed.). John Wiley & Sons.
- Nguyen Hoang, T., Drechsler, A., & Antunes, P. (2019). Construction of design science research questions. Communications of the Association for Information Systems (CAIS), 44(1), 332–363. https://doi.org/https://doi.org/10.17705/1CAIS.04420
- Niemimaa, E., & Niemimaa, M. (2017). Information systems security policy implementation in practice: From best practices to situated practices. European Journal of Information Systems, 26(1), 1–20. https://doi.org/https://doi.org/10.1057/s41303-016-0025-y
- Peffers, K., Tuunanen, T., Rothenberger, M. A., & Chatterjee, S. (2007). A design science research methodology for information systems research. Journal of Management Information Systems, 24(3), 45–77. https://doi.org/https://doi.org/10.2753/MIS0742-1222240302
- Pöppelbuß, J., Niehaves, B., Simons, A., & Becker, J. (2011). Maturity models in information systems research: Literature search and analysis. Communications of the Association for Information Systems, 29(27), 505–532. https://doi.org/https://doi.org/10.17705/1CAIS.02927
- Pöppelbuß, J., & Röglinger, M. (2011). What makes a useful maturity model? A framework for general design principles for maturity models and its demonstration in business process management. Proceedings of the Nineteenth European Conference on Information Systems. Presented at the European Conference on Information Systems.
- PWC. (2018). The global state of information security survey 2018. PwC website. Retrieved January 11, 2019, from https://www.pwc.com/us/en/services/consulting/cybersecurity/library/information-security-survey.html
- Rohner, P. (2013). Identity management for health professionals. A method for the integration of responsibility, organization and IT. Business & Information Systems Engineering, 5(1), 17–33. https://doi.org/https://doi.org/10.1007/s12599-012-0244-2
- Sayer, P., & Wailgum, T. (2008, April 17). What you can learn about risk management from Societe Generale. CIO website Retrieved July 7, 2017, from http://www.cio.com/article/2436790/security0/what-you-can-learn-about-risk-management-from-societe-generale.html
- Singleton, T. W. (2012). What every IT auditor should know about proper segregation of incompatible IT activities. ISACA Journal, 6, 12–14. Retrieved from http://www.isacajournal-digital.org/isacajournal/2012vol6?article_id=1077887
- Steinberg, R. A., Rudd, C., Lacy, S., & Hanna, A. (2011). ITIL service operation. 2011 edition (2nd ed.). The Stationary Office.
- Venable, J., Pries-Heje, J., & Baskerville, R. (2016). FEDS: A framework for evaluation in design science research. European Journal of Information Systems, 25(1), 77–89. https://doi.org/https://doi.org/10.1057/ejis.2014.36