IT-Security and Data privacy

The research area IT Security and Data Protection pursues the goal of designing and economically evaluating mitigation and control measures for information and communication systems in and between companies. To this end, IT security investments first have to be analyzed by combining quantitative methods of financial risk management with monetary and qualitative approaches, enabling a multidimensional evaluation aimed at improving IT security. On this basis, we support the evaluation of cost- and benefit-efficient portfolios of proactive and reactive IT security mitigation measures and pursue economically sensible IT security strategies despite limited budgets and resources. Based on the value of data, we develop decision support tools that enable semi-automated evaluation of IT security measures to mitigate cybercrime in complex and interdependent value creation networks. Further, the research area focuses on IT security risks in critical infrastructures as well as protection against systemic risks. Generally, these risk events occur extremely rarely but have an immense loss potential, since multiple companies are often affected. When managing these risks, particular attention must be paid to the numerous and obscure dependency structures that result from the increasing integration of companies in global and increasingly virtualized value creation networks.

The second major area of research is data protection. In an increasingly interconnected world, data protection is a key success factor, especially in the face of increasing legal requirements (e.g., GDPR). Despite existing data protection concerns, mobile users communicate freely and simply and thus enable constant passive data collection today. The so-called “return on privacy investments”, seen from a “protection viewpoint”, emphasizes that data protection investments should be in an optimal relationship to privacy risks (e.g., a collapse in revenue through reputational damage or fines). In addition, privacy enables business opportunities and is a driver for new business models through increased customer trust and reputation. With the technological innovations of recent years, the volume of customer data that companies collect and possess has increased. At the same time, the potential to generate business-relevant insights from data analyses is constantly increasing. Current research results show, however, that customers often have great concerns regarding data protection and the use of their data. Therefore, we discuss customer needs based on the three dimensions “legal requirements”, “technical feasibility” and “monetizability of data”.


As the Fraunhofer Project Group for Information Systems, we have identified the far-reaching need for action in the area of data protection as a lever for business success.

Further detailed information on this topic can be found in the following data protection brochure.

Publicly funded research projects:

  • SIS 4.0 (2018-2022):
    The aim of the research project “Safe Industry 4.0 in Swabia” (SIS 4.0) is the development of innovative security solutions for the transformation to Industry 4.0. With special consideration of security requirements, we currently develop suitable solutions for the planning, implementation and optimization of digitalized development, production and logistics processes as well as for the design of digital and data-based services and business models based on IoT technologies.
    (funded by the Bavarian State Ministry of Economic Affairs, Regional Development and Energy)
  • Oberfranken 4.0 (2016-2020):
    The aim of the research project Oberfranken 4.0 is to support small and medium-sized enterprises, especially in the North Bavarian region, with a broad spectrum of services to become familiar with trend-setting developments in the area of “Industry 4.0” and to use them for innovative solutions in their own production and logistics. Furthermore, an exemplary user factory with ultra-modern industry 4.0 demonstrators and applications on the campus of the University of Bayreuth aims to promote the transfer of knowledge and technology between research and practice. Thereby, one of the main goals is the development of new approaches for the improvement of IT security management in the industry 4.0 context. These approaches should enable companies to ensure IT security for new production processes, products and services in the area of industry 4.0.
    (funded by the European Union and Oberfrankenstiftung)
  • GESINE (2012-2015):
    The focus of the GESINE project is to develop a practical security concept that provides companies with reliable information on compliance with laws and guidelines and the security of their electronic business processes.
    (funded by the Federal Ministry of Economics and Energy (BMWi))
  • eRep (2006-2009):
    The aim of this project is first to find out what can be counted as relevant information about reputation. How can this information be represented, generated and distributed? And how do agents deal with this information? In addition, the requirements for a supporting reputation system will be analyzed from a technical point of view and the question will be investigated to what extent existing systems fulfill these requirements. An assessment of the achievable degree of automation and the implementation and simulation in a distributed system round off this interdisciplinary project.
    (funded by the European Commission)

Based on the results of the research projects, the Research center FIM regularly publishes in international journals and conferences. Selected publications are:

No published publications available
Further information can be found here.


    • Prof. Dr. Henner Gimpel, Professor of Management Engineering, University Augsburg
    • Dr. Christoph Buck, Post-doc researcher at the Chair of Information Systems Management, University of Bayreuth
    • Dr. Robert Keller, Post-doc researcher at the Chair of Information Systems and Sustainable IT Management, University of Bayreuth