Publication records
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Cybersecurity, information security, government, Germany
Since its foundation 30 years ago, the Federal Office for Information Security (BSI) has developed into an internationally and nationally recognized center of competence for IT security. With a steady increase in tasks, the discussion about the governance of the office has become stronger - many voices are calling for greater independence of the BSI. The article examines the reasons for and options for greater independence of the agency. As a result, it argues for a further development of the agency's governance that represents a balance between independence and political responsibility.

[Since its founding 30 years ago, the BSI has developed into an internationally and nationally recognized authority on IT security. With a steady growth in tasks, the discussion about how the office is governed has intensified; many voices are calling for greater independence of the BSI.]
Volume
45
Journal Pages
229–233
ISSN (Online)
1862-2607
ISSN (Print)
1614-0702
Online article
Forbes India
Bianca Schmitz, Aparajith Raman (2021)
Subject(s)
Economics, politics and business environment; Strategy and general management; Technology, R&D management
Keyword(s)
SME, hidden champions, family business, customer centricity, innovation, R&D
How these companies embraced innovation to take the lead in their markets provides lessons for small and medium enterprises (SMEs) everywhere.
Subject(s)
Human resources management/organizational behavior
Keyword(s)
Corporate culture, remote work, leadership

ISSN (Print)
0015-6914
Working Paper
SSRN Working Paper
Daniel Grodzicki, Alexei Alexandrov, Özlem Bedre-Defolie, Sergei Koulayev (2021)
Subject(s)
Economics, politics and business environment; Finance, accounting and corporate governance
Keyword(s)
Credit card demand reactions to fees, late fee regulation, limited attention
JEL Code(s)
D12, D90, G50
We introduce a model of a rational credit card user's rather complex usage choices and develop an empirical framework to test its predictions. Employing a large national database of U.S. card accounts, we estimate how prices impact card usage and find that price effects are mostly well explained within our model. An exception is less borrowing in response to declining late-fees among low credit-score (subprime) users. Extension of our model based on "focusing theory" predicts this behavior. It also implies substantial indirect benefits of the CARD Act's late-fee cap due to subprime users re-focusing toward reducing their debt.
Pages
46
Subject(s)
Information technology and systems; Strategy and general management
Keyword(s)
public-private partnerships, cybersecurity governance, Germany, United States, United Kingdom, Israel, trust
The article surveys the current situation concerning the operative cybersecurity cooperation of public and private-sector entities in Germany and compares it with solutions implemented in the United States, Israel, and the United Kingdom. Subsequent to the analysis, the establishment of trust between the different involved actors is identified as the principal challenge for efficient cooperation in this subject area.

[This article describes the current state of operational cooperation between the state and the private sector on cybersecurity in Germany and compares it with the solutions found for the same problem in the USA, Israel, and Great Britain. It then examines in more detail the establishment of trust between the actors involved as the greatest challenge for efficient cooperation.]
Volume
45
Journal Pages
239–243
ISSN (Online)
1862-2607
ISSN (Print)
1614-0702
Journal Article
The European Business Review
Mandy Hübener, Bianca Schmitz, Bethan Williams (2021)
Subject(s)
Economics, politics and business environment
Keyword(s)
Leadership, MBA, executive education
To guarantee maximum ROI for its clients, executive education needs to fulfil some key criteria. The content must be tailored to individuals’ profoundly personal career paths, knowledge gaps, and blind spots, and the format must also suit the learning style and working context of each participant (podcasts, TED talks, print – no learning method is invalid). Self-paced online modules are a good step in this direction, allowing a decoupling from the rigid corporate calendar or the availability of teaching faculty. But individualization must also mean creating regular opportunities to reflect on and assimilate new skills and knowledge. Furthermore, executive participants should feel they have the toolkit and the support network they need to continue their learning journey long after they leave campus.
Subject(s)
Ethics and social responsibility; Information technology and systems
Keyword(s)
disinformation, information operations, hybrid warfare, international humanitarian law, law of armed conflict
The legal implications of digital information warfare in the context of armed conflict have so far received only scarce attention. This paper aims at filling this gap by exposing some of the legal issues arising in relation to mis- and disinformation tactics during armed conflict in order to serve as a starting point for further debate in this respect:

What, if any, limits exist concerning (digital) information operations in armed conflict? Does the humanitarian legal framework adequately capture the humanitarian protection needs that arise from these types of (military) conduct? Where and how to draw the line between effects and side-effects of digitalised information warfare that should remain either within or without the protective ambit of international humanitarian law (IHL)? What are, or what should be, the limits of disinformation campaigns, “fake news”, deep fakes and the systematic manipulation of a given information space in times of armed conflict?
Journal Article
International Law Studies 97: 556–572
Robin Geiss, Henning Christian Lahmann (2021)
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
data protection, cyber warfare, international humanitarian law, law of armed conflict, objects, hybrid warfare, cyber attacks
This article presents a novel way to conceptualize the protection of data in situations of armed conflict. Although the question of the targeting of data through adversarial military cyber operations and its implications for the qualification of such conduct under International Humanitarian Law has been on scholars’ and states’ radar for the last few years, there remain a number of misunderstandings as to how to think about the notion of “data.” Based on a number of fictional scenarios, the article clarifies the pertinent terminology and makes some expedient distinctions between various types of data. It then analyzes how existing international humanitarian and international human rights law applies to cyber operations whose effects have an impact on data. The authors argue that given the persisting ambiguities of traditional concepts such as “object” and “attack” under international humanitarian law, the targeting of content data continues to fall into a legal grey zone, which potentially has wide-ranging ramifications both for the rights of individual civilians and the functioning of civilian societies during situations of conflict. At the same time, much legal uncertainty surrounds the application of human rights law to these contexts, and existing data protection frameworks explicitly exclude taking effect in relation to issues of security. Acknowledging these gaps, the article attempts to advance the debate by proposing a paradigm shift: Instead of taking existing rules on armed conflict and applying them to “data,” we should contemplate applying the principles of data protection, data security, and privacy frameworks to military cyber operations in armed conflict.
Volume
97
Journal Pages
556–572
Subject(s)
Ethics and social responsibility; Information technology and systems
Keyword(s)
international humanitarian law, law of armed conflict, society protection, cyber operations, cyber attacks, cybersecurity
Adversarial military cyber operations carried out during armed conflict can affect the functioning of civilian societies in unprecedented ways, challenging the protected reach of international humanitarian law (IHL). In light of this, the article argues for the recognition of new protection needs to shield critical societal processes from cyber threats in conflict situations. Although experts and states generally agree that cyber operations are subject to IHL, the digital transformation has added novel vulnerabilities that do not easily map onto the law’s traditional rationale of providing baseline protection against the ramifications of kinetic warfare, such as to minimise death, injury, and destruction among the civilian population. Today’s military cyber capabilities have the potential to severely impact essential societal processes across economic, financial, scientific, cultural, and healthcare domains as well as public information spaces. While such consequences may be more diffuse and intangible, in an interconnected world they can affect entire societies and cause systemic disruption on a major scale. Recognising this paradigm shift, the article calls for a more comprehensive understanding of what protection of the civilian population in twenty-first century warfare entails. It submits that certain societal processes and functions must be considered assets so essential as to require legal protection under IHL irrespective of possible physical aspects. In order to meaningfully expand IHL’s traditionally narrow focus on objects, kinetic warfare, and physical destruction, the article intends to initiate a discussion about adding the protection of essential societal processes as a new protection dimension to the law of armed conflict.
Subject(s)
Information technology and systems; Strategy and general management; Technology, R&D management
Keyword(s)
Cybersecurity, cyberattack, cyber defence
Cyberattacks have become part of every company’s daily routine. Every business leader must therefore prepare for a situation in which their company is successfully attacked. Defending against a cyberattack requires many parallel activities – assessing the impact, implementing technical defense measures, collecting evidence, rebuilding reliable IT systems and business processes, and communicating with customers and partners. The article describes five lessons that will help business leaders on Day X to successfully manage a serious and complex cyberattack.
ISSN (Print)
0015-6914