Our chair is proud to announce a series of five acceptances across one international journal and two conferences.
International Journal of Information Security (IJIS)
Context is Key for Cybersecurity: Leveraging External Knowledge for Process Model Explanation via LLMs | Linda Kölbel, Leo Poss, Stefan Schönig
This journal paper introduces a Security by Design framework. By using LLMs to bridge the gap between BPMN models and standards like ISO 27001 and IEC 62443, we enable automated, context-grounded compliance checks for the Industrial IoT.
RCIS 2026 — 20th Intl. Conference on Research Challenges in Information Science
We are presenting two papers under the theme "Bridging the Gap: Enhancing Understandability in Information Science":
- A Unified Security Requirements Catalog for the Industrial IoT | Linda Kölbel, Leo Poss, Stefan Schönig
A framework to harmonize disparate regulations (e.g., Cyber Resilience Act, BSI C5) into a single, actionable mapping for manufacturers.
- The Ethical Risk Handover: Operationalizing Normative Intent in BPM via Large Language Models | Leo Poss, Christopher Julian Kern (FernUni Hagen), Julia Kroenung (FernUni Hagen), Stefan Schönig
A collaborative study using different reasoning strategies to detect and visualize latent ethical risks within business process models.
ENASE 2026 — 21st Intl. Conference on Evaluation of Novel Approaches to Software Engineering
- Market-Based Process Coordination: Trading Routing Efficiency for Schedule Stability in Volatile Field Operations | Leo Poss, Stefan Schönig
This paper introduces a Swap-Enabled Auction that treats process resilience as an economic parameter. The mechanism reduces schedule volatility by over 90%, providing a stable, decentralized alternative to traditional re-optimization.
- Process-Oriented Security Compliance for Industrial IoT Systems: Formal Modeling and Integration | Linda Kölbel, Markus Hornsteiner, Stefan Schönig
This framework introduces a formal syntax for embedding security controls directly into BPMN models. By utilizing a specialized parsing architecture for automated error detection, the verified models are compiled into executable rule sets, transforming security from static documentation into machine-executable policy enforcement.