{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T19:31:55Z","timestamp":1780515115377,"version":"3.54.1"},"reference-count":78,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2019,6,4]],"date-time":"2019-06-04T00:00:00Z","timestamp":1559606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JEIM"],"published-print":{"date-parts":[[2019,6,4]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>Current business challenges force companies to exchange critical and sensitive data. The data provider pays great attention to the usage of their data and wants to control it by policies. The purpose of this paper is to develop usage control architecture options to enable data sovereignty in business ecosystems.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>The architecture options are developed following the design science research process. Based on requirements from an automotive use case, the authors develop architecture options. The different architecture options are demonstrated and evaluated based on the case study with practitioners from the automotive industry.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>This paper introduces different architecture options for implementing usage control (UC). The proposed architecture options represent solutions for UC in business ecosystems. The comparison of the architecture options shows the respective advantages and disadvantages for data provider and data consumer.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title><jats:p>In this work, the authors address only one case stemming from the German automotive sector.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title><jats:p>Technical enforcement of data providers policies instead of relying on trust to support collaborative data exchange between companies.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>This research is among the first to introduce architecture options that provide a technical concept for the implementation of data sovereignty in business ecosystems using UC. Consequently, it supports the decision process for the technical implementation of data sovereignty.<\/jats:p><\/jats:sec>","DOI":"10.1108\/jeim-03-2018-0058","type":"journal-article","created":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T04:31:27Z","timestamp":1558413087000},"page":"477-495","source":"Crossref","is-referenced-by-count":45,"title":["Usage control architecture options for data sovereignty in business ecosystems"],"prefix":"10.1108","volume":"32","author":[{"given":"Johannes","family":"Zrenner","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6274-701X","authenticated-orcid":false,"given":"Frederik Oliver","family":"M\u00f6ller","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christian","family":"Jung","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andreas","family":"Eitel","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Boris","family":"Otto","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"140","reference":[{"key":"key2020092223431090400_ref001","article-title":"Smart service welt. Umsetzungsempfehlungen f\u00fcr das Zukunftsprojekt Internetbasierte Dienste f\u00fcr die Wirtschaft","year":"2014"},{"key":"key2020092223431090400_ref002","volume-title":"Strategic Enterprise Architecture Management: Challenges, Best Practices, and Future Developments, Management for Professionals","year":"2012"},{"issue":"C","key":"key2020092223431090400_ref003","first-page":"137","article-title":"A survey on data leakage prevention systems","volume":"62","year":"2016","journal-title":"Journal of Network and Computer Applications"},{"issue":"1","key":"key2020092223431090400_ref004","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1177\/0309132516662147","article-title":"Cloud geographies: computing, data, sovereignty","volume":"42","year":"2018","journal-title":"Progress in Human Geography"},{"key":"key2020092223431090400_ref005","first-page":"398","article-title":"Digital ecosystems: principles and semantics","year":"2007"},{"key":"key2020092223431090400_ref006","doi-asserted-by":"crossref","unstructured":"Briscoe, G. and Marinos, A. (2009), \u201cDigital ecosystems in the clouds: towards community cloud computing\u201d, 3rd IEEE International Conference on Digital Ecosystems and Technologies, Piscataway, IEEE, Istanbul, July 1-3, pp. 103-108.","DOI":"10.1109\/DEST.2009.5276725"},{"key":"key2020092223431090400_ref007","doi-asserted-by":"crossref","unstructured":"Bussard, L., Neven, G. and Preiss, F.-S. (2010), \u201cDownstream usage control\u201d, IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), IEEE, Piscataway, NJ, July 21-23, pp. 22-29.","DOI":"10.1109\/POLICY.2010.17"},{"issue":"1","key":"key2020092223431090400_ref008","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1007\/s10257-010-0140-6","article-title":"Socio-technical IS design science research: developing design theory for IS integration management","volume":"9","year":"2011","journal-title":"Information Systems and e-Business Management"},{"key":"key2020092223431090400_ref009","article-title":"Digital ecosystems a next generation of the collaborative environment","year":"2006"},{"issue":"1","key":"key2020092223431090400_ref010","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1109\/MCC.2014.14","article-title":"Legal issues in the cloud","volume":"1","year":"2014","journal-title":"IEEE Cloud Computing"},{"issue":"1","key":"key2020092223431090400_ref011","doi-asserted-by":"crossref","first-page":"25","DOI":"10.5465\/amj.2007.24160888","article-title":"Theory building from cases. Opportunities and challenges","volume":"50","year":"2007","journal-title":"Academy of Management Journal"},{"issue":"4","key":"key2020092223431090400_ref012","doi-asserted-by":"crossref","first-page":"951","DOI":"10.1007\/s10772-017-9462-9","article-title":"High payload multi-channel dual audio watermarking algorithm based on discrete wavelet transform and singular value decomposition","volume":"20","year":"2017","journal-title":"International Journal of Speech Technology"},{"issue":"1","key":"key2020092223431090400_ref013","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/MCC.2016.18","article-title":"Encryption-based solution for data sovereignty in federated clouds","volume":"3","year":"2016","journal-title":"IEEE Cloud Computing"},{"issue":"2","key":"key2020092223431090400_ref014","doi-asserted-by":"crossref","first-page":"219","DOI":"10.1177\/1077800405284363","article-title":"Five misunderstandings about case-study research","volume":"12","year":"2006","journal-title":"Qualitative Inquiry"},{"key":"key2020092223431090400_ref015","unstructured":"Forrester (2015), \u201cData sovereignty and SaaS: understanding the challenges and regulatory requirements\u201d, available at: www.intralinks.com\/resources\/whitepapers\/data-sovereignty-and-saas (accessed May 1, 2019)."},{"key":"key2020092223431090400_ref016","first-page":"35","article-title":"Evaluation von Artefakten in der Wirtschaftsinformatik","volume-title":"Evaluation und Evaluationsforschung in der Wirtschaftsinformatik","year":"2000"},{"issue":"2","key":"key2020092223431090400_ref017","doi-asserted-by":"crossref","first-page":"671","DOI":"10.12928\/telkomnika.v15i2.5991","article-title":"A digital rights management system based on cloud","volume":"15","year":"2017","journal-title":"Telkomnika (Telecommunication Computing Electronics and Control)"},{"key":"key2020092223431090400_ref018","doi-asserted-by":"crossref","unstructured":"Gerring, J. (2004), \u201cWhat is a case study and what is it good for?\u201d, American Political Science Review, Vol. 98 No. 2, pp. 341-354.","DOI":"10.1017\/S0003055404001182"},{"key":"key2020092223431090400_ref019","volume-title":"Case Study Research: Principles and Practices","year":"2006"},{"key":"key2020092223431090400_ref020","doi-asserted-by":"crossref","unstructured":"Gheorghe, G., Mori, P., Crispo, B. and Martinelli, F. (2010), \u201cEnforcing UCON policies on the enterprise service bus\u201d, in Meersman, R., Dillon, T. and Herrero, P. (Eds), On the Move to Meaningful Internet Systems: OTM 2010: Confederated International Conferences: CoopIS, IS, DOA and ODBASE, Hersonissos, Crete, Springer, Berlin, Proceedings, Part II, October 25-29, pp. 876-894.","DOI":"10.1007\/978-3-642-16949-6_14"},{"key":"key2020092223431090400_ref021","unstructured":"Goyal, V., Pandey, O., Sahai, A. and Waters, B. (2006), \u201cAttribute-based encryption for fine-grained access control of encrypted data\u201d, in Juels, A., Wright, R. and Di Capitani Vimercati, S. de (Eds), Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, Virginia, ACM, New York, NY, p. 89."},{"issue":"2","key":"key2020092223431090400_ref022","doi-asserted-by":"crossref","first-page":"337","DOI":"10.25300\/MISQ\/2013\/37.2.01","article-title":"Positioning and presenting design science research for maximum impact","volume":"37","year":"2013","journal-title":"MIS Quarterly"},{"key":"key2020092223431090400_ref023","unstructured":"Gustafsson, J. (2017), \u201cSingle case studies vs. multiple case studies: a comparative study\u201d, available at: www.diva-portal.org\/smash\/get\/diva2:1064378\/FULLTEXT01.pdf (accessed May 1, 2019)."},{"key":"key2020092223431090400_ref024","unstructured":"Henke, M. and Kuhn, A. (Eds) (2017), Kollaboration als Schl\u00fcssel zum erfolgreichen Transfer von Innovation: Analyse von Treibern und Hemmnissen in der Automobillogistik, Herbert UTZ, M\u00fcnchen."},{"issue":"1","key":"key2020092223431090400_ref025","doi-asserted-by":"crossref","first-page":"75","DOI":"10.2307\/25148625","article-title":"Design science in information systems research","volume":"28","year":"2004","journal-title":"MIS Quarterly: Management Information Systems"},{"key":"key2020092223431090400_ref026","doi-asserted-by":"crossref","unstructured":"Hilty, M., Basin, D. and Pretschner, A. (2005), \u201cOn Obligations\u201d, in Di Capitani Vimercati, S., de, Gollmann, D. and Syverson, P. (Eds), Computer Security \u2013 ESORICS 2005: 10th European Symposium on Research in Computer Security, Milan, Proceedings, Lecture Notes in Computer Science, Springer, Berlin and Heidelberg, September 12-14, pp. 98-117.","DOI":"10.1007\/11555827_7"},{"key":"key2020092223431090400_ref027","doi-asserted-by":"crossref","unstructured":"Hippelainen, L., Oliver, I. and Lal, S. (2017), \u201cTowards dependably detecting geolocation of cloud servers\u201d, in Tally, R.T., Battista, C.M., Yan, Z., Molva, R., Mazurczyk, W. and Kantola, R. (Eds), Ecocriticism and Geocriticism\/Network and System Security: Overlapping Territories in Environmental and Spatial Literary Studies\/11th International Conference, NSS 2017, Helsinki, Proceedings, Geocriticism and Spatial Literary Studies, Palgrave Macmillan; Springer, New York, August 21-23, pp. 643-656.","DOI":"10.1007\/978-3-319-64701-2_51"},{"issue":"4","key":"key2020092223431090400_ref028","doi-asserted-by":"crossref","first-page":"795","DOI":"10.4156\/jdcta.vol7.issue4.95","article-title":"A method for trusted usage control over digital contents based on cloud computing","volume":"7","year":"2013","journal-title":"International Journal of Digital Content Technology and its Applications"},{"issue":"3-4","key":"key2020092223431090400_ref029","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1002\/poi3.10","article-title":"Government cloud computing and national data sovereignty","volume":"4","year":"2012","journal-title":"Policy & Internet"},{"issue":"3","key":"key2020092223431090400_ref030","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1108\/OHI-03-2007-B0006","article-title":"On case study methodology","volume":"32","year":"2007","journal-title":"Open House International"},{"key":"key2020092223431090400_ref031","unstructured":"Jung, C., Eitel, A. and Schwarz, R. (2014), \u201cEnhancing cloud security with context-aware usage control policies\u201d, in Pl\u00f6dereder, E., Grunske, L., Schneider, E. and Ull, D. (Eds), 44. Jahrestagung der Gesellschaft f\u00fcr Informatik: Big Data \u2013 Komplexit\u00e4t meistern, GI, Stuttgart, pp. 211-222."},{"key":"key2020092223431090400_ref032","doi-asserted-by":"crossref","unstructured":"Kalam, A.A.E., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C. and Trouessin, G. (2003), \u201cOrganization based access control\u201d, Proceedings, POLICY 2003: IEEE 4th International Workshop on Policies for Distributed Systems and Networks, IEEE, Lake Como, June 4-6, pp. 120-131.","DOI":"10.1109\/POLICY.2003.1206966"},{"key":"key2020092223431090400_ref033","first-page":"231","article-title":"Enabling data sharing in contextual environments. Policy representation and analysis","year":"2017"},{"key":"key2020092223431090400_ref034","doi-asserted-by":"crossref","first-page":"137","DOI":"10.1016\/j.ins.2013.10.005","article-title":"CoBAn: a context based model for data leakage prevention","volume":"262","year":"2014","journal-title":"Information Sciences"},{"key":"key2020092223431090400_ref035","doi-asserted-by":"crossref","unstructured":"Kazman, R., Asundi, J. and Klein, M. (2001), \u201cQuantifying the costs and benefits of architectural decisions\u201d, Proceedings of the 23rd International Conference on Software Engineering: ICSE, IEEE Computer Society, IEEE, Toronto, May 12-19, pp. 297-306.","DOI":"10.1109\/ICSE.2001.919103"},{"key":"key2020092223431090400_ref036","doi-asserted-by":"crossref","unstructured":"Kelbert, F. and Pretschner, A. (2012), \u201cTowards a policy enforcement infrastructure for distributed usage control\u201d, in Atluri, V. (Ed.), Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, ACM, New York, NY, pp. 119-122.","DOI":"10.1145\/2295136.2295159"},{"key":"key2020092223431090400_ref037","unstructured":"Kumari, P. and Pretschner, A. (2012), \u201cDeriving implementation-level policies for usage control enforcement\u201d, in Bertino, E. (Ed.), Proceedings of the Second ACM Conference on Data and Application Security and Privacy, ACM, New York, NY, February 7-9, p. 83."},{"issue":"4","key":"key2020092223431090400_ref038","doi-asserted-by":"crossref","first-page":"346","DOI":"10.3414\/ME14-01-0137","article-title":"Exploiting distributed, heterogeneous and sensitive data stocks while maintaining the owner\u2019s data sovereignty","volume":"54","year":"2015","journal-title":"Methods of Information in Medicine"},{"key":"key2020092223431090400_ref039","doi-asserted-by":"crossref","unstructured":"Lee, J.S., Pries-Heje, J. and Baskerville, R. (2011), \u201cTheorizing in design science research\u201d, in Jain, H., Sinha, A.P. and Vitharana, P. (Eds), Service-Oriented Perspectives in Design Science Research, Springer, Berlin and Heidelberg, pp. 1-16.","DOI":"10.1007\/978-3-642-20633-7_1"},{"key":"key2020092223431090400_ref040","first-page":"1546","article-title":"Evaluation of current architecture frameworks","year":"2006"},{"issue":"1","key":"key2020092223431090400_ref041","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1109\/JPROC.2004.839623","article-title":"Advances in digital video content protection","volume":"93","year":"2005","journal-title":"Proceedings of the IEEE"},{"key":"key2020092223431090400_ref042","first-page":"49","article-title":"Digital rights management for content distribution","year":"2003"},{"issue":"6","key":"key2020092223431090400_ref043","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1109\/CC.2017.7961371","article-title":"Digital rights management. Model, technology and application","volume":"14","year":"2017","journal-title":"China Communications"},{"issue":"4","key":"key2020092223431090400_ref044","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1016\/0167-9236(94)00041-2","article-title":"Design and natural science research on information technology","volume":"15","year":"1995","journal-title":"Decision Support Systems"},{"issue":"1","key":"key2020092223431090400_ref045","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1177\/0003603X0605100103","article-title":"Business ecosystems and the view from the firm","volume":"51","year":"2006","journal-title":"The Antitrust Bulletin"},{"key":"key2020092223431090400_ref046","doi-asserted-by":"crossref","unstructured":"Naab, M., Braun, S., Lenhart, T., Hess, S., Eitel, A., Magin, D., Carbon, R. and Kiefer, F. (2015), \u201cWhy data needs more attention in architecture design \u2013 experiences from prototyping a large-scale mobile app ecosystem\u201d, in Bass, L., Lago, P. and Kruchten, P. (Eds), 12th Working IEEE\/IFIP Conference on Software Architecture, WICSA 2015: Montr\u00e9al, IEEE, Piscataway, NJ, May 4-8, pp. 75-84.","DOI":"10.1109\/WICSA.2015.13"},{"key":"key2020092223431090400_ref047","unstructured":"Nachira, F. (2002), \u201cToward a network of digital business ecosystems fostering the local development\u201d, available at: www.digital-ecosystems.org\/doc\/discussionpaper.pdf (accessed May 1, 2019)."},{"key":"key2020092223431090400_ref048","first-page":"465","article-title":"Towards data sovereignty in cyberspace","year":"2015"},{"key":"key2020092223431090400_ref049","unstructured":"OASIS (2013), \u201ceXtensible access control markup language (XACML) version 3.0\u201d, available at: http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html (accessed January 16, 2018)."},{"key":"key2020092223431090400_ref050","unstructured":"Object Management Group (2016), \u201cSemantics of business vocabulary and business rules (SBVR)\u201d, available at: www.omg.org\/spec\/SBVR\/About-SBVR\/ (accessed May 1, 2019)."},{"key":"key2020092223431090400_ref051","unstructured":"Object Management Group (2017), \u201cData residency challenges and opportunities for standardization\u201d, available at: www.omg.org\/cgi-bin\/doc?mars\/17-03-22.pdf (accessed January 16, 2018)."},{"key":"key2020092223431090400_ref052","doi-asserted-by":"crossref","unstructured":"Otto, B., Hompel, M.T. and Wrobel, S. (2018), \u201cIndustrial data space\u201d, in Neugebauer, R. (Ed.), Digitalisierung: Referenzarchitektur f\u00fcr die Digitalisierung der Wirtschaft, Springer, Berlin and Heidelberg, pp. 113-133.","DOI":"10.1007\/978-3-662-55890-4_8"},{"key":"key2020092223431090400_ref053","unstructured":"Otto, B., Lohmann, S., Auer, S., Brost, G., Cirullies, J., Eitel, A., Ernst, T., Haas, C., Huber, M., Jung, C., J\u00fcrjens, J., Lange, C., Mader, C., Menz, N., Nagel, R., Pettenpohl, H., Pullmann, J., Quix, C., Schon, J., Schulz, D., Sch\u00fctte, J., Spiekermann, M. and Wenzel, S. (2017), \u201cReference architecture model for the industrial data space\u201d, International Data Space Association, Fraunhofer-Geschsllschaft, available at: www.fraunhofer.de\/content\/dam\/zv\/de\/Forschungsfelder\/industrial-data-space\/IDS_Referenz_Architecture.pdf (accessed May 1, 2019)."},{"key":"key2020092223431090400_ref054","unstructured":"Park, J. and Sandhu, R. (2002), \u201cTowards usage control models. Beyond traditional access control\u201d, in Sandhu, R. (Ed.), Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, ACM, New York, NY, June 3-4, p. 57."},{"issue":"1","key":"key2020092223431090400_ref055","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1145\/984334.984339","article-title":"The UCON ABC usage control model","volume":"7","year":"2004","journal-title":"ACM Transactions on Information and System Security"},{"issue":"9","key":"key2020092223431090400_ref056","doi-asserted-by":"crossref","first-page":"60","DOI":"10.1109\/MC.2011.225","article-title":"Sticky policies: An approach for managing privacy across multiple parties","volume":"44","year":"2011","journal-title":"Computer"},{"issue":"3","key":"key2020092223431090400_ref057","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","article-title":"A design science research methodology for information systems research","volume":"24","year":"2007","journal-title":"Journal of Management Information Systems"},{"key":"key2020092223431090400_ref058","first-page":"267","article-title":"Business ecosystem as the new approach to complex adaptive business environments","volume-title":"Frontiers of e-Business Research-Conference Proceedings","year":"2004"},{"key":"key2020092223431090400_ref059","first-page":"9","article-title":"A position paper on data sovereignty. The importance of geolocating data in the cloud","year":"2011"},{"key":"key2020092223431090400_ref060","article-title":"An Internet with BRICS characteristics. Data sovereignty and the balkanisation of the Internet","year":"2014"},{"issue":"9","key":"key2020092223431090400_ref061","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/1151030.1151053","article-title":"Distributed usage control","volume":"49","year":"2006","journal-title":"Communications of the ACM"},{"key":"key2020092223431090400_ref062","doi-asserted-by":"crossref","unstructured":"Pretschner, A., Hilty, M., Basin, D., Schaefer, C. and Walter, T. (2008), \u201cMechanisms for usage control\u201d, in Abe, M. (Ed.), Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ACM, New York, NY, pp. 240-244.","DOI":"10.1145\/1368310.1368344"},{"issue":"4","key":"key2020092223431090400_ref063","doi-asserted-by":"crossref","first-page":"655","DOI":"10.1079\/PNS2004399","article-title":"Focus-group interview and data analysis","volume":"63","year":"2004","journal-title":"Proceedings of the Nutrition Society"},{"key":"key2020092223431090400_ref064","doi-asserted-by":"crossref","unstructured":"Rudolph, M., Moucha, C. and Feth, D. (2016), \u201cA framework for generating user-and domain-tailored security policy editors\u201d, IEEE 24th International Requirements Engineering Conference workshops: Proceedings, IEEE, Piscataway, NJ, September 12-16, pp. 56-61.","DOI":"10.1109\/REW.2016.024"},{"key":"key2020092223431090400_ref065","doi-asserted-by":"crossref","unstructured":"Rudolph, M., Schwarz, R. and Jung, C. (2014), \u201cSecurity policy specification templates for critical infrastructure services in the cloud\u201d, 9th International Conference for Internet Technology and Secured Transactions, IEEE, Piscataway, NJ, December 8-10, pp. 61-66.","DOI":"10.1109\/ICITST.2014.7038776"},{"key":"key2020092223431090400_ref066","doi-asserted-by":"crossref","unstructured":"Sandhu, R. and Park, J. (2003), \u201cUsage control. A vision for next generation access control\u201d, in Gorodetsky, V., Popyack, L. and Skormin, V. (Eds), Computer Network Security: Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2003, St Petersburg. Proceedings, Lecture Notes in Computer Science, Vol. 2776, Springer, Berlin and Heidelberg, September 21-23, pp. 17-31.","DOI":"10.1007\/978-3-540-45215-7_2"},{"issue":"11","key":"key2020092223431090400_ref067","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1109\/2.241422","article-title":"Lattice-based access control models","volume":"26","year":"1993","journal-title":"Computer"},{"issue":"9","key":"key2020092223431090400_ref068","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/35.312842","article-title":"Access control. Principle and practice","volume":"32","year":"1994","journal-title":"IEEE Communications Magazine"},{"key":"key2020092223431090400_ref069","first-page":"271","article-title":"Insider threats in corporate environments. A case study for data leakage prevention","year":"2012"},{"issue":"3","key":"key2020092223431090400_ref070","first-page":"102","article-title":"Digital rights management. The technology behind the hype","volume":"4","year":"2003","journal-title":"Journal of Electronic Commerce Research"},{"issue":"7","key":"key2020092223431090400_ref071","doi-asserted-by":"crossref","first-page":"440","DOI":"10.1007\/s11623-016-0633-7","article-title":"Datenschutz und datenanalyse","volume":"40","year":"2016","journal-title":"Datenschutz und Datensicherheit \u2013 DuD"},{"issue":"6","key":"key2020092223431090400_ref072","doi-asserted-by":"crossref","first-page":"511","DOI":"10.1177\/1077800411409884","article-title":"A typology for the case study in social science following a review of definition, discourse, and structure","volume":"17","year":"2011","journal-title":"Qualitative Inquiry"},{"key":"key2020092223431090400_ref073","doi-asserted-by":"crossref","unstructured":"Tremblay, M.C., Hevner, A.R. and Berndt, D.J. (2010), \u201cThe use of focus groups in design science research\u201d, in Hevner, A. and Chatterjee, S. (Eds), Design Research in Information Systems: Theory and Practice, Springer, Boston, MA, pp. 121-143.","DOI":"10.1007\/978-1-4419-5653-8_10"},{"key":"key2020092223431090400_ref074","first-page":"9","article-title":"Standing on the shoulders of giants: challenges and recommendations of literature search in information systems research","volume":"37","year":"2015","journal-title":"CAIS"},{"issue":"2","key":"key2020092223431090400_ref075","first-page":"xiii","article-title":"Analyzing the past to prepare for the future: writing a literature review","volume":"26","year":"2002","journal-title":"MIS Quarterly: Management Information Systems"},{"key":"key2020092223431090400_ref076","first-page":"39","article-title":"An active data leakage prevention model for insider threat","year":"2011"},{"key":"key2020092223431090400_ref077","volume-title":"Case Study Research: Design and Methods","year":"2008","edition":"4th ed."},{"issue":"2","key":"key2020092223431090400_ref078","first-page":"454","article-title":"Framework for information systems architecture","volume":"38","year":"1999","journal-title":"IBM Systems Journal"}],"container-title":["Journal of Enterprise Information Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JEIM-03-2018-0058\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JEIM-03-2018-0058\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T22:31:02Z","timestamp":1753396262000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/jeim\/article\/32\/3\/477-495\/196655"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,4]]},"references-count":78,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,6,4]]}},"alternative-id":["10.1108\/JEIM-03-2018-0058"],"URL":"https:\/\/doi.org\/10.1108\/jeim-03-2018-0058","relation":{},"ISSN":["1741-0398"],"issn-type":[{"value":"1741-0398","type":"print"}],"subject":[],"published":{"date-parts":[[2019,6,4]]}}}