ICT – Information Risk & Resource Management


This research domain deals with all risks related topics within the area of Information and communication technology. This includes inter alia

  • Governance, Risk & Compliance (GRC)
  • Identity Management (IM)
  • Access Control (AC)
  • Identity and Access Intelligence (IAI)
  • Asset Management (AM)
  • License Management (LM) 

Current Projects

The following projects are currently being conducted in this domain:

Name: Lines of defense and the need of integrated & intelligent analytics

Start: 2016 (ongoing)

Researcher: Marlon Füller

Management Summary:

Mounting GRC demands are pushing business to implement frameworks in this area. One of the favorite best practice concepts is the Three Lines of Defence approach. Based on the de facto standard of IT/ERP II as central information systems for processes and functions within companies, the question arises, how this concept can be supported with integrated and intelligent analytics in order to minimizes risks but as well as to enable opportunities and business chances.


Name: Data-driven role design

Start: 2015 (ongoing)

Researcher: Marlon Füller

Management Summary:

Today’s corporations focus less on implementation of IT systems and more on their continuous optimization. One major imperative has been – and still is – to design authorizations that support a company’s business processes and reflect them accurately without forgetting risk, license and compliance demands. Regardless of the underlying architecture, the role concept controls which employees are granted access to specific system functions. Mainly modelled in role-based access control (RBAC) and partially in attribute-based access control (ABAC) question appear how existing data can be used to streamline the design and alignment process. 


Name: Reality based Identity Management

Start: 2015 (ongoing)

Researcher: Marlon Füller

Management Summary:

As an interface between the company’s organizational structure and an ERP (Enterprise Resource Planning) system, identity management is subjected to change on both sides. Keeping real-life requirements in line with configured authorizations means responding to these changes. But in reality, very few companies bother to make thorough, real-time adjustments to their systems after implementation – with far-reaching consequences: their concepts become incompatible with their requirements. These kinds of discrepancies reduce the quality of business processes, compromise security, enhance risks and drive up costs – making reality-based identity management imperative. Up-to-date ERP systems based on in-memory-databases are gifted with integrated analytic capabilities. These capabilities properly used are the key instrument to align identity management to company needs, providing a transparent, lasting security concept and reduce costs through accurate license management. In close cooperation with a formerly aligned authorization concept, the use case even goes beyond: a reality based identity management will be enabled which can be realized as leading control system – with in-time indicators for business and/or compliance issues – to ensure accurate business activities. 



Professor Dr.
Marlon Füller View Profile

Head of the degree programme Industrial Engineering
Head of the Institute for Risk and Resource Management
Head of the Institute of Agile Product and System Development

Send E-Mail to Professor Dr. Marlon Füller
Main Building A,ZWEI, 20 BÜRO

Accreditations and Certificates