Abschlussarbeiten

In the digital age, organizations heavily rely on information technology (IT) systems to store and process sensitive data, making them prime targets for cyberattacks. While extensive research has been conducted on the technical aspects of cybersecurity incidents, there is a growing need to understand the psychological impact on IT employees who play a pivotal role in detecting, mitigating, and recovering from such incidents. This master's thesis aims to investigate the psychological reactions of IT employees when confronted with significant cybersecurity incidents and provide insights that can enhance employee well-being and organizational resilience.

Possible Research Objectives:

1. To explore the emotional and cognitive responses of IT employees during and after significant cybersecurity incidents.
2. To identify the factors that influence the psychological reactions of IT employees to cybersecurity incidents, including the severity of the incident, organizational support, and individual characteristics.
3. To examine the long-term effects of cybersecurity incidents on IT employees, such as post-traumatic stress, job satisfaction, and performance.

Methodology:

1. Literature Review: Conduct an extensive review of the existing literature on cybersecurity incidents, their psychological impact on employees, and relevant psychological theories (e.g., stress theory, coping mechanisms, and resilience).
2. Interviews: Conduct expert interviews with IT employees who have experienced significant cybersecurity incidents. Explore their emotional responses, coping strategies, and perceptions of organizational support.
3. Data Analysis: Analyze interview data using qualitative methods to identify patterns and factors influencing psychological reactions.
4. Longitudinal Study: If possible, follow a subset of IT employees over time to assess the long-term effects of cybersecurity incidents on their psychological well-being.

Expected Contributions:

1. Enhanced Understanding: This research will contribute to a better understanding of the psychological reactions of IT employees to significant cybersecurity incidents, shedding light on the emotional and cognitive aspects of incident response.
2. Organizational Insights: Findings will provide organizations with insights into how to better support IT employees during and after cybersecurity incidents, potentially reducing the long-term negative impact.
3. Academic Contribution: The thesis will contribute to the academic literature on the intersection of cybersecurity and psychology, filling a gap in the current research landscape.

Contact: Prof. Dr. Arne Buchwald

In September 2020, an ransomware attack disrupted IT systems at the University Hospital of Düsseldorf, halting operations and forcing patient diversions. Tragically, a critically ill patient died due to delayed care, marking the first known fatality linked to a cyberattack on a healthcare institution (O'Neill 2020).

• High Stakes: Hospitals rely heavily on interconnected systems for patient care. Even minor disruptions can lead to life-threatening consequences (Coventry and Branley 2018).
• Financial and Operational Impact: Besides patient safety risks, ransomware attacks impose significant recovery costs and disrupt hospital workflows (Neprash et al. 2022).
• Increased Targeting: Cybercriminals use the sensitivity of healthcare services, knowing providers are more likely to pay to restore access (Neprash et al. 2022; O'Neill 2020).

➥ What are the key components of a ransomware readiness framework for hospitals? How do hospitals train staff to recognize and respond to ransomware threats? What gaps in cyber hygiene practices are most common among healthcare staff?

Literature

Coventry, L., and Branley, D. 2018. "Cybersecurity in Healthcare: A Narrative Review of Trends, Threats and Ways Forward," Maturitas (113), pp. 48-52.

Neprash, H. T., McGlave, C. C., Cross, D. A., Virnig, B. A., Puskarich, M. A., Huling, J. D., Rozenshtein, A. Z., and Nikpay, S. S. 2022. "Trends in Ransomware Attacks on Us Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021," JAMA Health Forum (3:12), pp. e224873-e224873.

O'Neill, P. H. 2020. "A Paitent Has Died after Ransomware Hackers Hit a German Hospital." 2024, from https://www.technologyreview.com/2020/09/18/1008582/a-patient-has-died-after-ransomware-hackers-hit-a-german-hospital/

Contact: Deinera Jechle (öffnet neues Fenster)

In the plant and engineering industry, the utilization of data-driven approaches has the potential to revolutionize service delivery. Companies in this sector are increasingly exploring innovative data-driven service models to enhance operational efficiency and customer satisfaction. This master's thesis aims to investigate the prerequisites necessary for the successful implementation of innovative data-driven service models in the plant and engineering industry, considering the perspectives of both service providers and service recipients.

Possible Research Objectives:

1. To identify the key prerequisites for companies in the plant and engineering industry to develop and implement data-driven service models effectively.
2. To examine the expectations and requirements of clients and customers (service recipients) within the industry regarding data-driven services and their perceived value.
3. To analyze the alignment between the prerequisites identified on the service provider side and the expectations of clients and customers, with a focus on potential gaps and areas of convergence.
4. To explore case studies of organizations within the plant and engineering industry that have successfully implemented data-driven service models to understand best practices and lessons learned.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on data-driven service models (e.g., pay-per-x), literature in the plant and engineering industry, innovation, and client/customer expectations in the digital age.
2. Expert Interviews: Conduct expert interviews with clients and customers (service recipients) on their respective perspectives, prerequisites, and expectations regarding data-driven services.
3. Case Studies: Select and analyze case studies of organizations within the plant and engineering industry that have successfully implemented data-driven service models, investigating the strategies they employed and the challenges they overcame.

Expected Contributions:

1. Industry-Specific Insights: This research will provide industry-specific insights into the prerequisites necessary for the successful implementation of data-driven service models in the plant and engineering sector.
2. Alignment Insights: Findings will offer insights into the alignment (or misalignment) between service providers' efforts and the expectations of clients and customers, helping organizations bridge potential gaps and deliver more valuable data-driven services.
3. Practical Guidance: The thesis will provide practical recommendations for companies in the plant and engineering industry aiming to innovate their service models through data-driven approaches, based on empirical data and real-world case studies.

Contact: Prof. Dr. Arne Buchwald

Disruptive Unternehmen wie z.B. FinTechs, RegTechs, LegalTechs oder HealthTechs haben sich zum Ziel gesetzt, die Wertschöpfungsketten tradierter Unternehmen aufzubrechen. 

•    Welchen Unternehmen ist das gelungen und warum?
•    Was sind die kritischen Erfolgsfaktoren?
•    Was sind die Implikationen für die weitere Entwicklung dieser Unternehmen?
•    etc.
 

Ansprechpartner:  Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Das Institut für Dienstleistungsmanagement führt regelmäßig eine quantitative Erhebung mit den Sourcing-Verantwortlichen in den größten deutschen Unternehmen durch. Uns interessiert, welche Herausforderungen die Manager im Thema Sourcing heute und für die nahe Zukunft sehen.

Frühere Studien wurden jeweils mit großem Erfolg publiziert, z.B.:
Gewald, Heiko and Schäfer, Leonie (2017) Quo vadis outsourcing? A view from practice. Journal of Global Operations and Strategic Sourcing, 10 (1). pp. 2-17. ISSN 2398-5364

Die konkrete Ausgestaltung des empirischen Vorgehens wird in enger Abstimmung mit dem Betreuer festgelegt.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Viele Unternehmen beschäftigen Unternehmensberater, um große und komplexe Projekte zu bewältigen. Die Arbeitsbeziehung zwischen BeraterInnen und ihren KundInnen sind vielfach noch unerforscht.

Spannende Fragestellungen sind beispielsweise:

•    Wie findet Know-how Transfer zwischen Berater und Kunde statt?
•    Welche Rolle spielt persönliche „Nähe“ zwischen Berater und Kunde (z.B. gleiches Studium) in der Projektarbeit?
•    Welche kritischen Erfolgsfaktoren (in der Beziehung zwischen Kunde und Berater) erhöhen die Chancen erfolgreicher Projektarbeit?

Ansprechpartner:  Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Die raschen Fortschritte in der Künstlichen Intelligenz (KI) eröffnen neue Horizonte und verändern die Landschaft der Technologie und des Arbeitsmarktes in einer neuen Art und Weise. Diese Entwicklungen haben bereits heute Auswirkungen auf bestehende Aufgaben und Verantwortlichkeiten in verschiedenen Bereichen. Mögliche Forschungsfragen für eine Abschlussarbeit wären:

• Welche konkreten Auswirkungen haben die neuesten Fortschritte in der KI auf bestehende Aufgaben in verschiedenen Branchen?

• Wie verändern sich die Verantwortlichkeiten von Fachleuten und Mitarbeitern aufgrund der Implementierung von fortschrittlicher KI-Technologie?

• Welche neuen Qualifikationen und Fähigkeiten sind erforderlich, um den Anforderungen im Zeitalter der fortschrittlichen KI gerecht zu werden?

• Welche Herausforderungen ergeben sich für Unternehmen und Organisationen im Umgang mit den sich verändernden Aufgaben und Verantwortlichkeiten aufgrund der neuen KI-Technologien?

Ansprechpartner: Nikola Finze

As organizations increasingly recognize the strategic importance of data, the role of Chief Data Officer (CDO) has gained prominence. However, the responsibilities and success criteria associated with this role can vary widely across industries and organizations. This master's thesis aims to investigate the nature of the Chief Data Officer role and develop a framework for defining success metrics that can effectively measure the impact of CDOs in different organizational contexts.

Possible Research Objectives:

1. To comprehensively analyze the responsibilities and functions of Chief Data Officers across a diverse range of industries and organizations.
2. To identify key performance indicators (KPIs) and success metrics that are relevant and effective in assessing the impact and contributions of CDOs.
3. To explore case studies of organizations with successful CDO implementations, examining the strategies, challenges, and outcomes associated with their data leadership.
4. To develop a flexible framework for assessing the success of Chief Data Officers that can be tailored to the unique needs and goals of different organizations.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on emerging Top Management Team (TMT) roles, on the role of Chief Data Officers, their responsibilities, and existing success metrics.
2. Expert Interviews: Conduct expert interviews with CDOs and senior executives in various industries to gather insights into their roles, responsibilities, and the metrics they use to measure success.
3. Case Studies: Select and analyze case studies of organizations that have successfully implemented the CDO role, examining their strategies, challenges, and the impact on data-driven decision-making and business outcomes.
4. Framework Development: Based on research findings, develop a flexible framework for defining success metrics for Chief Data Officers that considers the unique characteristics of different organizations.

Expected Contributions:

1. Role Clarity: This research will provide clarity on the evolving role of Chief Data Officers, shedding light on their responsibilities and functions in diverse organizational contexts.
2. Success Metrics: Findings will offer insights into effective success metrics and KPIs that can be used to evaluate the impact and contributions of CDOs.
3. Practical Guidance: The thesis will provide practical guidance for organizations seeking to establish or enhance the CDO role within their structures, including recommendations for measuring the success of CDOs in a way that aligns with their specific goals.

Contact: Prof. Dr. Arne Buchwald

The proliferation of no-code and low-code platforms has empowered non-technical employees to develop applications and automate processes without formal IT involvement. Simultaneously, the phenomenon of "Shadow IT," where employees use unauthorized software and applications, poses challenges to IT governance and security. This master's thesis aims to investigate the intricate relationship and dynamics between the adoption of no-code/low-code platforms and the prevalence of Shadow IT within organizations, exploring the potential synergies and conflicts that arise.

Possible Research Objectives:

1. To examine the adoption patterns of no-code/low-code platforms within organizations, including the motivations and challenges associated with their implementation.
2. To analyze the extent and nature of Shadow IT practices, identifying the reasons why employees resort to unauthorized software and applications.
3. To investigate the influence of no-code/low-code platforms on the emergence and evolution of Shadow IT within organizations.
4. To explore strategies and best practices for organizations to harness the potential benefits of no-code/low-code platforms while managing the associated risks of Shadow IT.

Methodology:

1. Literature Review: Conduct a comprehensive review of the literature on no-code/low-code platforms, Shadow IT, and their implications for organizational IT governance.
2. Expert Interviews: Conduct expert interviews with IT professionals, business users, and organizational leaders to gather data on the adoption of no-code/low-code platforms, Shadow IT practices, and the perceived impact on organizational dynamics.
3. Case Studies: Select and analyze case studies of organizations that have experienced the adoption of no-code/low-code platforms and assess how this adoption has influenced Shadow IT dynamics.

Expected Contributions:

1. Insights into Adoption Patterns: This research will provide insights into the motivations and challenges associated with the adoption of no-code/low-code platforms within organizations.
2. Understanding of Shadow IT: Findings will enhance our understanding of Shadow IT practices, shedding light on the reasons why employees resort to unauthorized software.
3. Relationship Dynamics: The thesis will elucidate the complex relationship and dynamics between no-code/low-code adoption and the emergence of Shadow IT.
4. Practical Guidance: The research will offer practical guidance for organizations on how to harness the benefits of no-code/low-code platforms while effectively managing Shadow IT risks.

Contact: Prof. Dr. Arne Buchwald

In Zusammenarbeit mit Elried Markeingssysteme GmbH bietet das CROSS diverse Möglichkeiten zur Gestaltung einer Abschlussarbeit. Die konkrete Forschungsfrage wird individuell mit den Betreuern festgelegt. Folgende Themen sind aktuell von Interesse:

Bachelorarbeiten:

• Modernisierung und Systematisierung des Error Handlings der edding Compact Printer
• Konzeptionierung eines datenträgerbasierten Austausches von Druckdaten mit edding Compact Printern
• Einsatz von edding Compact Printern in der serialisierten Kennzeichnung vom Pharmaverpackungen
• Entwicklung einer automatisierten Prüfroutine für die Fertigung von edding Compact Printern

Arbeiten für Werksstudenten / Praxissemester:

• Entwicklungsbegleitung einer neuen Produktvariante der Serie der edding Compact Printer (verschiedene Startpunkte möglich, da pro Jahr 1-2 neue Varianten)
• Entwicklung eines (teil-) automatisierten Testverfahrens für die Softwareentwicklung von edding Compact Printern
• Entwicklung eines automatisierten Prüfsystems für edding Tinten durch eine Kombination aus Motorik, Printlogik und Bilderkennung

Ansprechpartner:  Prof Dr. Heiko Gewald (öffnet neues Fenster)

Digitale Gesundheitstechnologien (Websites, Plattformen, Soziale Netzwerke, Apps, Wearables, etc.) haben zum Ziel die Gesundheit und das Wohlbefinden von Konsumenten positiv zu beeinflussen.

In der Forschung ist jedoch wenig darüber bekannt, welche Faktoren die potentiellen eHealth-NutzerInnen in Ihrer Adoption und Nutzung solcher Technologien beeinflussen und welchen Einfluss eine tatsächliche eHealth-Nutzung auf Gesundheit und Wohlbefinden der NutzerInnen hat.

Entsprechend sollen auf Basis theoretischer Modelle und empirischer Studien neue Erkenntnisse zur Adoption, Nutzung und bestenfalls auch zu Auswirkungen von eHealth gewonnen werden.

Eine empirische Studie kann sowohl qualitativ (Interviews mit Konsumenten) und/oder quantitativ (Fragebogen) durchgeführt werden, wobei eine quantitative Studie bevorzugt wird. Als Probanden können sowohl die "allgemeine" Bevölkerung, aber auch spezielle Gruppen, wie SeniorInnen oder PatientInnen, dienen.

Die Auswahl der theoretischen Grundlagen/Modelle, Forschungsmethode, Zielgruppe und Art der eHealth-Technologie werden Rücksprachen mit dem Betreuer der Abschlussarbeit festgelegt.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Die Online Bewertung von ÄrztInnen (z.B. bei Google oder jameda) bleibt ein spannendes Thema. In Deutschland führt diese Form der Arztbewertung noch ein Schattendasein, gewinnt aber immer stärker an Bedeutung.

Interessante Fragestellungen sind beispielsweise:
•    wie funktioniert die kognitive Bewertung des Arztes beim Patienten/Patientin?
•    Warum schreiben manche PatientInnen eine Bewertung und andere nicht?
•    Kann durch kreative Maßnahmen der ÄrztInnen die Anzahl der Bewertungen gesteigert werden?

Die Festlegung des konkreten Themas erfolgt in Rücksprache.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Large enterprises are increasingly adopting cloud computing services and Software as a Service (SaaS) applications to enhance agility, scalability, and cost-effectiveness. However, the proliferation of SaaS subscriptions can lead to complex cost management challenges. This master's thesis aims to investigate the adoption of cloud computing in large firms, focusing on the challenges and strategies related to cost management amid the growing number of SaaS subscriptions.

Possible Research Objectives:

1. To identify the challenges and complexities associated with managing the costs of a vast number of SaaS subscriptions in large firms.
2. To investigate the strategies and best practices employed by large enterprises to effectively manage and optimize SaaS-related costs while maximizing value.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on cloud computing adoption, SaaS subscriptions, and clou computing cost management.
2. Expert Interviews: Conduct expert interviews with IT professionals, finance executives, and decision-makers in large enterprises to gather data on cloud adoption, SaaS subscriptions, and cost management practices.
3. Case Studies: Select and analyze case studies of large enterprises that have successfully managed and optimized SaaS-related costs, examining their strategies, tools, and outcomes.

Expected Contributions:

1. Adoption Patterns: This research will provide insights into the patterns and drivers of cloud computing adoption, with a particular emphasis on the proliferation of SaaS subscriptions in large firms.
2. Cost Management Challenges: Findings will elucidate the challenges and complexities associated with managing a vast number of SaaS subscriptions and their associated costs.
3. Best Practices: The thesis will offer valuable best practices and strategies for large enterprises to effectively manage and optimize SaaS-related costs while maximizing value.

Contact: Prof. Dr. Arne Buchwald

Large organizations, such as Lufthansa Airlines, rely on the expertise and support of external providers to fulfill their duties. In order to steer the activities of the providers, a management system has to be established. Over the past decades, the structure of such systems has evolved with Service Level Agreements (SLAs) becoming an integral part of it. These SLAs are oftentimes customized to specific scenarios and lack standardization, hence, leading to increased administrative overhead.

This master thesis, in collaboration with Lufthansa Airlines, will address the following issues:

1. What is the status quo in SLA-driven provider management? (Methodology: Literature Analysis according to Webster & Watson (2002))
2. What are expectations on sound SLAs in airline provider management? How are SLAs currently utilized at Lufthansa Airlines to steer providers? (Methodology: Semi-structured expert interviews)
3. Development of a blueprint for the ground operations department by combining the learnings from (1) and (2) (Methodology TBD)

Ansprechpartner: Prof. Dr. Arne Buchwald

In the evolving landscape of IT outsourcing, organizations often consider transitioning from one IT outsourcing vendor to another, seeking to improve service quality, cost efficiency, and alignment with evolving business needs. At the same time, organizations often experience a decrease in the capabilities of their internal IT team to effectively steer the IT outsourcing vendor. This master's thesis aims to investigate the complex challenges associated with multi-transitions in IT outsourcing, where the internal retained IT organization's ability to manage and govern the vendor diminishes with each switch. It explores the economic, organizational, and technical implications of such transitions and seeks to identify strategies for navigating these challenges successfully.

Possible Research Objectives:

1. To analyze the economic factors driving organizations to transition from one IT outsourcing vendor to another and assess the cumulative cost implications of multiple transitions.
2. To investigate the organizational challenges arising from diminishing in-house IT steering capabilities, including the impact on governance, stakeholder alignment, and IT outsourcing vendor management.
3. To examine the technical complexities and risks involved in successive transitions and assess the impact on IT systems, data, and processes.
4. To identify best practices and strategies for organizations facing multi-transitions in IT outsourcing, focusing on mitigating challenges and optimizing vendor relationships in this evolving landscape.

Methodology:

1. Literature Review: Conduct an extensive review of the literature on IT outsourcing transitions, multi-transitions, and technical complexities.
2. Expert Interviews: Conduct expert interviews with IT professionals, decision-makers, and IT outsourcing vendor representatives from organizations that have undergone multiple IT outsourcing transitions.
3. Data Analysis: Analyze interview findings to identify common economic, organizational, and technical challenges faced during multi-transitions in IT outsourcing.
4. Case Studies: Select and analyze case studies of organizations that have successfully managed multi-transitions in IT outsourcing, examining their strategies, best practices, and lessons learned.
5. Framework Development: Develop a practical framework for organizations to assess and plan for multi-transitions in IT outsourcing, including strategies for addressing the identified challenges.

Expected Contributions:

1. Economic Insights: This research will provide insights into the economic drivers and cumulative cost implications of transitioning between IT outsourcing vendors while experiencing diminishing internal steering capabilities.
2. Organizational Challenges: Findings will shed light on the organizational challenges, including governance and stakeholder alignment, associated with successive transitions.
3. Technical Complexities: The thesis will explore the technical complexities and risks involved in multi-transitions and their impact on IT systems, data, and processes.
4. Mitigation Strategies: The research will offer practical strategies and best practices for organizations to navigate multi-transitions in IT outsourcing, optimize vendor relationships, and mitigate associated challenges.

Contact: Prof. Dr. Arne Buchwald

The landscape of cloud computing has evolved significantly in recent years, with many companies initially migrating as much of their IT operations as possible to hyperscale cloud providers. However, a growing trend is emerging, wherein organizations are considering and experimenting with bringing some of their IT functions back in-house while still relying on hyperscalers. This master's thesis aims to investigate the future of hybrid cloud computing, focusing on the shift towards companies complementing hyperscale cloud vendors with in-house IT, and the strategic implications of this shift.

Possible Research Objectives:

1. To analyze the historical context and motivations that led companies to migrate IT to hyperscale cloud providers.
2. To examine the drivers behind the recent trend of bringing some IT functions back in-house and the strategic considerations that influence this decision.
3. To assess the technical challenges and benefits associated with managing a hybrid IT environment that combines hyperscalers and in-house IT infrastructure.
4. To identify the key success factors and best practices for effectively implementing and managing a hybrid cloud strategy in the evolving landscape.

Methodology:

1. Literature Review: Conduct a comprehensive review of the literature on cloud computing.
2. Expert Interviews: Conduct expert interviews with IT professionals and decision-makers in organizations that have adopted or are considering a hybrid cloud approach. Gather insights into their motivations, challenges, and strategies.
3. Technical Analysis: Assess the technical aspects of managing a hybrid cloud environment, including compatibility, security, and performance considerations.
4. Case Studies: Analyze case studies of organizations that have successfully implemented a hybrid cloud strategy, examining their experiences, lessons learned, and outcomes.
5. Framework Development: Develop a framework of strategies and recommendations for organizations looking to navigate the transition from a hyperscale-dominated environment to a hybrid cloud model effectively.

Expected Contributions:

1. Trend Understanding: This research will provide a comprehensive understanding of the evolving trend towards hybrid cloud computing and the motivations behind it.
2. Strategic Insights: Findings will offer insights into the strategic considerations that influence organizations in bringing some IT functions back in-house while complementing hyperscale providers.
3. Technical Assessment: The thesis will assess the technical challenges and benefits of managing a hybrid IT environment, offering insights into best practices for technical implementation.
4. Practical Guidance: The research will provide practical guidance for organizations aiming to adopt and manage a hybrid cloud strategy in an evolving cloud computing landscape.

Contact: Prof. Dr. Arne Buchwald

In recent years, the world of technology has witnessed a significant transformation as Information Technology (IT) and Operational Technology (OT) have started to converge. This convergence marks a fundamental shift in how organizations manage and utilize their technological infrastructure. To put it simply, IT encompasses the technologies and systems used for data processing, networking, and general computing tasks, while OT includes the specialized technologies that control and monitor physical processes, such as machinery, sensors, and industrial equipment. The convergence of IT and OT refers to the merging of these traditionally distinct domains, creating a unified ecosystem where IT systems and applications interconnect with OT technologies. IT and OT convergence holds promise for various industries, such as manufacturing, energy, healthcare, and transportation, as it allows for more seamless data sharing, increased automation, and better control over complex operational processes. However, this transformative trend also brings challenges and implications for IT management, as it blurs the boundaries between traditional IT responsibilities and those associated with OT systems. This master's thesis aims to investigate the consequences of the IT and OT convergence for IT management, focusing on the changes in roles, responsibilities, and strategies required to effectively navigate this evolving landscape.

Possible Research Objectives:

1. To investigate the specific consequences of IT and OT convergence on IT management practices, including changes in roles, responsibilities, and skillsets.
2. To assess the impact of IT and OT convergence on IT governance, cybersecurity, and risk management strategies.
3. To identify best practices and strategies for organizations to adapt their IT management frameworks to the demands of a converged IT and OT environment.

Methodology:

1. Literature Review: Conduct a comprehensive review of the literature on IT and OT convergence, the drivers behind the trend, and the implications for IT management.
2. Expert Interviews: Conduct expert interviews with IT professionals, decision-makers, and experts in organizations that have attempted to integrate their IT and OT.
3. Data Analysis: Analyze interview data to identify common consequences and challenges in IT management practices.
4. Framework Development: Develop a practical framework of strategies and recommendations for organizations to adapt their IT management to the demands of a converged environment.

Expected Contributions:

1. Convergence Understanding: This research will provide a comprehensive understanding of the motivations and drivers behind IT and OT convergence and its implications for organizations.
2. IT Management Consequences: Findings will offer insights into the specific consequences of IT and OT convergence on IT management practices, including changes in roles, responsibilities, and skillsets.
3. Governance and Security Impact: The thesis will assess the impact of IT and OT convergence on IT governance, cybersecurity, and risk management, highlighting strategies to mitigate risks.
4. Practical Guidance: The research will provide practical recommendations and best practices for organizations to adapt their IT management frameworks to effectively manage the demands of a converged IT and OT environment.

Contact: Prof. Dr. Arne Buchwald

Durch den demografischen Wandel rücken verstärkt alternde Menschen in den Fokus von Gesellschaft und Wirtschaft: Steigende Gesundheitsrisiken, zunehmende gesellschaftliche Isolation, sinkende Selbstbestimmung.

Die zunehmende Digitalisierung schafft – beispielsweise durch soziale Plattformen, IT-Wearables und mobile Applikationen – völlig neue Möglichkeiten das allgemeine Wohlbefinden, soziale Inklusion, aktive Gesundheitsvorsorge und somit ein längeres, selbstbestimmtes Leben der alternden Bevölkerung zu erreichen.

Voraussetzung zur Entfaltung dieser Potenziale ist allerdings, dass Menschen bzw. SeniorInnen von diesen Technologien Gebrauch machen – und die tatsächliche Nutzung dieser Technologien durch SeniorInnen findet oft nur in geringem Maße statt. Menschen in höherem Alter tendieren oft zur Aussage "Ich bin zu alt für Computer" – sie stellen ihre Alter in Zusammenhang mit Technologie-Nutzung. Es zeigt sich jedoch auch, dass Menschen sich oft nicht "so alt fühlen" wie sie eigentlich sind: Subjektives Alter und chronologisches Alter stehen nicht immer im Einklang.

In der Forschung ist wenig darüber bekannt, welchen Einfluss diese subjektive Einschätzung des eigenen Alters auf die IT-Akzeptanz und -Nutzung hat. Entsprechend sollen in dieser Abschlussarbeit konzeptionelle und theoretische Grundlagen aus der "Altersforschung" aus der Literatur abgeleitet werden und anhand einer empirischen Studie im Kontext von IT-Akzeptanz erprobt werden.Die konkrete Ausgestaltung des Themas erfolgt in Rücksprache.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Durch den demografischen Wandel rücken verstärkt alternde Menschen in den Fokus von Gesellschaft und Wirtschaft: Steigende Gesundheitsrisiken, zunehmende gesellschaftliche Isolation, sinkende Selbstbestimmung.

Die zunehmende Digitalisierung schafft einen bislang wenig betrachteten Problemkreis. Für praktisch jede Software, Hardware, Apps etc. müssen sich die NutzerInnen authentifizieren, üblicherweise durch die Eingabe eine PIN bzw. eines Passwortes.

Die alternde Gesellschaft hat jedoch mit zwei Problemen zu kämpfen: Abnehmende Gedächtnisleistung und sinkende motorische Fähigkeiten. Passworte werden leicht vergessen, biometrische Erkennung und die Eingabe von Passworten werden bspw. durch zitternde Finger erschwert.

Wenn immer mehr Tätigkeiten digitalisiert werden, bei gleichzeitig immer älter werdender Gesellschaft, stehen wir hier vor einem Dilemma. Gesucht werden kreative Mechanismen, wie sich NutzerInnen sicher und zweifelsfrei authentifizieren können, unter Berücksichtigung der oben skizzierten Probleme.

Forschungsmethodisch steht ein breites Spektrum von Interviews und Befragungen über kontrollierte Experimente und die Nutzung des Usability Labs an der HNU zur Verfügung.

Dieses Thema kann daher auch von mehreren Studierenden unabhängig voneinander bearbeitet werden.

Die konkrete Ausgestaltung des Themas und des empirischen Vorgehens wird in enger Abstimmung mit dem Betreuer festgelegt.

Ansprechpartner: Prof. Dr. Heiko Gewald (öffnet neues Fenster)

Die SWARCO TRAFFIC SYSTEMS GmbH ist das größte Unternehmen der SWARCO Gruppe. Die Firma agiert in Deutschland als Systemintegrator für Lichtsignalanlagen und Kreuzungssteuerungen, Verkehrsmanagement, Autobahn- und Tunnelleitsysteme, Verkehrsdetektion, Parkleitsysteme sowie Ladeinfrastruktur für Elektrofahrzeuge, inklusive zugehöriger Software-Entwicklung. Wir gestalten die Mobilität der Zukunft durch Lösungen für kooperatives vernetztes Fahren, ganzheitliches Parkraum- und Verkehrsmanagement, Elektromobilität und Smart Mobility. Dabei verändern wir die Art und Weise, wie Menschen reisen: sicher, bequem, nachhaltig und effizient.

Mehr als 650 Mitarbeiter sind täglich mit der Projektplanung, Konzeption, Realisierung, Verwaltung und Wartung unserer intelligenten Lösungen beschäftigt. Proaktiv, innovativ und weltoffen sorgt jeder Mitarbeiter persönlich dafür, dass unsere Kunden Lösungen nach individuellen Wünschen, in höchster Qualität und unter dem Einsatz modernster Technologie erhalten. Ein deutschlandweites Netz an Servicetechnikern stellt sicher, dass die verkehrstechnischen Anlagen rund um die Uhr einsatzbereit und instandgehalten sind.

Als Teil der österreichischen SWARCO Gruppe bietet die SWARCO TRAFFIC SYSTEMS GmbH eine breite Palette an intelligenten Produkten und Komplettlösungen für den städtischen und außerstädtischen Raum an. Mit einer abwicklungsstarken Organisation und der Kraft eines in über 80 Ländern tätigen Konzerns sorgen wir dafür, dass Straßenkapazitäten optimal genutzt werden, Ressourcen nachhaltig eingesetzt werden und Menschen effizienter, sicherer und bequemer am Verkehr teilnehmen.

Die SWARCO TRAFFIC SYSTEMS GmbH hat ihren Sitz in Unterensingen bei Stuttgart und verfügt in Gaggenau bei Karlsruhe über eine weitere Produktionsstätte sowie über zahlreiche Stützpunkte deutschlandweit.

Im Bereich der Elektromobilität sind studentische Arbeiten (Studienarbeiten, Bachelorarbeiten und Masterarbeiten) zu den folgenden Themen zu vergeben:

• Benchmarkanalyse von am Markt vorhandenen Elektromobilitäts-Apps
• Untersuchung des Nutzungsverhaltens bei Elektromobilitäts-Apps
• Untersuchung der Auswahlentscheidung des Nutzers bei der Wahl einer Ladestation (Digital Nudging, Gamification, dynamische Preise, etc.)
• Identifikation und Beschreibung von unterschiedlichen Nutzergruppen (Merkmale, Präferenzen, Größe, etc.)
• Untersuchung von Apps aus den Bereichen „Smart Home“ (z.B. Einsatz von regenerativen Energien) und „Smart Mobility“ mit Elementen von Elektromobilitäts-Apps
• Zukunftsstudie: Elektromobilitäts-Apps im Zeitalter des autonomen Fahrens
• …

In Abhängigkeit des jeweiligen Themas erfolgt die Wahl der Forschungsmethode (qualitativ, quantitativ und Mixed Method) sowie die Auswahl des Forschungsdesigns (z.B. Experiment, Umfrage). Die studentischen Arbeiten können in deutscher und englischer Sprache verfasst werden. Die Festlegung des konkreten Themas erfolgt in Rücksprache.

Ansprechpartner an der HNU ist Professor Dr. Andy Weeger (Andy.Weeger[at]hnu[dot]de). Eine Betreuung durch die SWARCO TRAFFIC SYSTEMS GmbH ist sichergestellt.

Die permanente Herausforderung des Marketings besteht darin, die Bedürfnisse und Wünsche der KundInnen schnell, individuell und präzise zu erkennen und dahingehend zu befriedigen.
Allerdings sehen hier gut die Hälfte aller KundInnen weiteren Handlungsbedarf seitens der Unternehmen.
Neue Möglichkeiten, KundInnen optimal zu segmentieren und somit Bedürfnisse bestmöglich zu bedienen, bietet die Analyse der emotionalen Befindlichkeit.
Mögliche Anwendungsfälle belaufen sich beispielsweise auf ein Zielgerichtetes Marketing, auf Emotionen reagierende Chatbots oder eine Dynamisierung der Warteschleife. Auf dem Weg zu einer präzisen Emotionsextraktion es jedoch einige Hindernisse aus dem Weg zu räumen. Die größte Hürde stellt, vor allem im deutschsprachigen Raum die schlechte, bzw. fehlende Datengrundlage dar.
Zum einen, handelt es sich um ein relativ neues Forschungsfeld. Zum anderen variieren die Intonation von Emotionen über Kulturen und Sprachen, wodurch eine Analyse auf Grundlage eines nicht deutschen Datensatzes zu keinen befriedigenden Ergebnissen führt. Bevor nun wahllos Daten erhoben werden, ergeben sich viele interessante Fragestellungen:
Wie stehen (potenzielle) Kunden der Extraktion ihrer Emotionen durch KI für Marketingzwecke überhaupt gegenüber?
In welchem Umfeld (B2C/B2B) sind junge Erwachsene (KundInnen) besonders bereit, ihre Emotionen analysieren zu lassen?
Welche Kanäle (Stimme, Mimik, Text) eignen sich am besten für die Emotionsextraktion?
Wie kann eine solche Analyse datenschutzkonform durchgeführt werden?
Diese und viele weitere Themen können im Zuge einer Abschlussarbeit adressiert werden. Die genaue Ausgestaltung des Themas und des Vorgehens wird in enger Abstimmung mit dem Betreuer festgelegt.

Ansprechpartner:  Prof. Dr. Heiko Gewald

Die Alzheimer-Krankheit (AD) ist die häufigste Form der Demenz. Aufgrund der steigenden durchschnittlichen Lebenserwartung, insbesondere in den entwickelten Gesellschaften, nimmt die Zahl der Betroffenen stetig zu.

Da AD durch ein allmähliches Verschwinden des Gedächtnisses und anderer kognitiver Funktionen, insbesondere auch der Sprache, bereits in frühen Stadien definiert ist, liegt es auf der Hand, dass gerade letztere untersucht werden sollten.
Vor allem Methoden des maschinellen Lernens haben sich als sehr ermutigend erwiesen. Es fehlt jedoch an Forschung zu mobilen Anwendungen in Bezug auf das Diagnoseverfahren.

Diese Abschlussarbeit hat das Ziel einen konzeptionellen Rahmen zu entwickeln, der für den Einsatz in einer mobilen Anwendung geeignet ist, die mit Hilfe von maschinellen Lernverfahren den Diagnoseprozess durch die Erkennung pathologischer Sprachmuster unterstützt.

Die genaue Ausgestaltung des Themas und des Vorgehens wird in enger Abstimmung mit dem Betreuer festgelegt.

Ansprechpartner:  Prof. Dr. Heiko Gewald

The Fediverse is a decentralized network of interconnected social media platforms that allow users to share content and interact across different services without relying on a single company or central authority. Unlike traditional platforms like Twitter or Facebook, the Fediverse is made up of independent servers (called instances) that operate together using open protocols, such as ActivityPub. Users can join an instance that aligns with their interests or values but still communicate with people on other instances seamlessly, much like emailing someone on a different provider. This structure promotes user control, data privacy, and a more diverse online community. A student could summarise the current state of research and explore the unique opportunities or challenges for content moderation.

Sample reference: https://asml.cyber.harvard.edu/fediverseobservatory/ (öffnet neues Fenster)

Contact:   Prof. Dr. Marten Risius

Safety by Design is an approach to developing products, services, and technologies that prioritizes user safety, privacy, and well-being from the very beginning of the design process. Instead of treating safety as an afterthought or addressing problems reactively, this principle embeds safeguards and risk mitigation into the core of how a system operates. It involves anticipating potential harms, such as misuse or exploitation, and creating mechanisms to prevent them while fostering positive user experiences. Commonly applied in areas like technology and engineering, Safety by Design aims to create systems that are not only effective but also responsible and secure for users. A student could summarise the current state of research, compare and contrast it to related concepts (e.g., lawful by design, privacy by design), and identify it’s current application (and application limits) in industry.

Sample reference: https://www.esafety.gov.au/industry/safety-by-design (öffnet neues Fenster)

Contact:   Prof. Dr. Marten Risius

A holistic perspective of content moderation considers the entire ecosystem of how online platforms govern user-generated content by examining moderation mechanisms across three interconnected levels: strategic, tactical, and operational. At the strategic level, platforms define overarching policies, values, and goals that shape how content is managed. The tactical level focuses on the design and implementation of moderation systems, such as algorithms, community guidelines, or escalation pathways. Lastly, the operational level involves the day-to-day execution of moderation, including the work of human moderators and automated tools in reviewing and enforcing rules. By integrating these levels, platforms can create more comprehensive, consistent, and adaptable approaches to managing online content. A student could introduce content moderation as a form of platform governance, describe the different content moderation mechanisms and decisions at the strategic, tactical, and operational level.

Sample reference: https://scholarship.law.cornell.edu/facpub/1486/ (öffnet neues Fenster)

Contact:   Prof. Dr. Marten Risius

Red-teaming in Trust and Safety involves assembling a group of specialists to challenge the security, integrity, and effectiveness of an organization's trust and safety systems. These teams simulate adversarial behavior, such as exploiting vulnerabilities in content moderation, platform policies, or technical safeguards, to uncover weaknesses before malicious actors can exploit them. By thinking like attackers and identifying gaps in defenses, red teams help platforms proactively address issues related to misinformation, harassment, fraud, or abuse. This process fosters more robust trust and safety measures, ensuring platforms can better protect users and uphold their integrity in a constantly evolving threat landscape. A student could summarise the current state of research, compare and contrast it to red-teaming in other contexts (e.g., cybersecurity), identify use-cases alongside potential opportunities and drawbacks.

Sample reference: https://www.technologyreview.com/2024/11/21/1107158/how-openai-stress-tests-its-large-language-models/?ref=everythinginmoderation.co (öffnet neues Fenster)

Contact:   Prof. Dr. Marten Risius

Prevention against cyberattacks is crucial, as successful breaches can lead to severe financial and reputational losses (Nikkhah and Grover 2022). Companies not only implement proactive security measures to defend against cyberattacks but also stress-test their systems by conducting rigorous penetration testing and red teaming exercises.

The rise of deepfake AI fundamentally alters the work of red teams by expanding the threat landscape and necessitating more advanced defensive strategies against AI-driven deception (Mustak et al. 2023). Red teams, traditionally tasked with simulating cyberattacks, security breaches, and social engineering tactics to test an organization’s defenses, now face the challenge of countering highly realistic AI-generated content used for disinformation, fraud, and manipulation. Deepfakes introduce sophisticated attack vectors, such as impersonation of executives for business email compromise (BEC) scams, synthetic identity fraud, and AI-powered phishing campaigns that are more convincing than ever (Agrawal et al. 2024). Red teams must now incorporate GenAI and specifically deepfake detection techniques into their methodologies to stress-test systems and organizations. They also play a crucial role in training employees and executives to recognize deepfakes and respond to AI-driven social engineering attempts (Schmitt and Flechais 2024). 

Possible research questions can include, but are not limited to: 

• (RQ1) How does the rise of GenAI change the work (to awarness, cognitive load, agility, volume of attacks, …) of red teams? / How does the rise of deepfake AI change the work (to awarness, cognitive load, agility, volume of attacks, …) of red teams?

• (RQ2) How can red teams adapt their methodologies to account for AI-generated deepfake threats in social engineering and phishing attacks?

• (RQ3)  How does the recognition of deepfake awarness training differ across countries/regions red team initiatives?

Literature

Agrawal, G., Kaur, A., and Myneni, S. 2024. "A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity," Electronics (13:2), p. 322.

Nikkhah, Hamid Reza and Grover, Varun. 2022. "An Empirical Investigation of Company Response to Data Breaches," MIS Quarterly, (46: 4) pp.2163-2196.

Mustak, M., Salminen, J., Mäntymäki, M., Rahman, A., and Dwivedi, Y. K. 2023. "Deepfakes: Deceptions, Mitigations, and Opportunities," Journal of Business Research (154), p. 113368.

Schmitt, M., and Flechais, I. 2024. "Digital Deception: Generative Artificial Intelligence in Social Engineering and Phishing," Artificial Intelligence Review (57:12), p. 324.

Contact:  Prof. Dr. Marten Risius (öffnet neues Fenster), Deinera Jechle (öffnet neues Fenster)

AI red teaming is a structured process used to identify vulnerabilities, risks, and flaws in AI systems. It involves a dedicated team (the “Red Team”) that adopts adversarial testing methods to simulate attacks and stress-test the AI model (such as contracting external experts, focus group discussions, games, CTF competitions, bounties, or grassroots jailbreaking). The specific focus of AI red teaming lies on finding harmful or biased outputs, identifying system weaknesses that could be exploited, and testing potential unintended consequences of AI deployment (e.g., for malicious purposes) (Bullwinkel et al. 2025; Feffer et al. 2024; Namiot and Zubareva 2023). Thus, AI red teaming provides transparency into AI system limitations, adding to the ongoing discussion on policy and regulatory frameworks in AI (Friedler et al. 2023).

Unlike traditional cybersecurity red teaming, which focuses on testing IT infrastructures against human-driven cyberattacks, AI red teaming requires specialized techniques to evaluate AI models for robustness, bias, and susceptibility to adversarial manipulation (Feffer et al. 2024; Longpre et al. 2024). Thus, the thesis should explore how red teams test such AI systems.

Possible research questions can include but are not limited to: 

• (RQ1) How do red teams test (different) AI systems for security?

• (RQ2) What are the limitations of current AI red teaming techniques? 

• (RQ3) What are the ethical considerations in AI red teaming?

Methodological approach can be case studies of real-world AI red teaming exercises (e.g. OpenAI, Microsoft, Defcon GRT for LLMSec, …), Interviews with cybersecurity experts and red teamers, surveys, etc.

Literature

Bullwinkel, B., Minnich, A., Chawla, S., Lopez, G., Pouliot, M., Maxwell, W., de Gruyter, J., Pratt, K., Qi, S., and Chikanov, N. 2025. "Lessons from Red Teaming 100 Generative Ai Products," arXiv preprint arXiv:2501.07238).

Feffer, M., Sinha, A., Deng, W. H., Lipton, Z. C., and Heidari, H. 2024. "Red-Teaming for Generative Ai: Silver Bullet or Security Theater?," Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, pp. 421-437.

Friedler, S., Singh, R., Blili-Hamelin, B., Metcalf, J., and Chen, B. J. 2023. "Ai Red-Teaming Is Not a One-Stop Solution to Ai Harms."

Longpre, S., Kapoor, S., Klyman, K., Ramaswami, A., Bommasani, R., Blili-Hamelin, B., Huang, Y., Skowron, A., Yong, Z.-X., and Kotha, S. 2024. "A Safe Harbor for Ai Evaluation and Red Teaming," arXiv preprint arXiv:2403.04893).

Namiot, D., and Zubareva, E. 2023. "About Ai Red Team," International Journal of Open Information Technologies (11:10), pp. 130-139.

Contact:  Prof. Dr. Marten Risius (öffnet neues Fenster), Deinera Jechle (öffnet neues Fenster)

Sextortion refers to a form of sexual exploitation where perpetrators coerce victims into providing explicit images, videos, or favors, often by threatening to expose private or compromising information. This crime has surged in prevalence due to the increased use of digital platforms, which facilitate both the acquisition of sensitive material and the anonymity of offenders. Victims, who span diverse age groups and demographics, face severe psychological, financial, and social consequences. The multifaceted nature of sextortion requires understanding its legal, technical, and social dimensions, as well as the role of technology in both enabling and combating it. A student could summarize the current state of research, analyze the mechanisms through which sextortion operates, explore the legal frameworks addressing it, and identify emerging strategies, including technological interventions, for prevention and mitigation.

Sample Reference: https://journals.sagepub.com/doi/pdf/10.1177/0886260520909186?src=getftr

Contact:   Prof. Dr. Marten Risius