Riccardo Bonazzi

University of Lausanne, Faculty of Business and Economics - Department of Information Systems, Graduate Student

Followers

Following

Public Views

InterestsView All (13)

Uploads

Papers by Riccardo Bonazzi

Risk Management at 21st Century Customs Administrations – Global Study on Good Practices and Maturity Models

A dynamic privacy manager for compliance in pervasive computing

The man behind the curtain. Exploring the role of IS strategic consultant

From 'Security for Privacy' to 'Privacy for Security'

Analysis of serious games implementation for project management courses

Privacy-Friendly Business Models for Location-Based Mobile Services

Journal of theoretical and …, Jan 1, 2011

This paper presents a theoretical model to analyze the privacy issues involved in business models... more This paper presents a theoretical model to analyze the privacy issues involved in business models for location-based mobile services. We report the results of an exploratory field experiment in Switzerland that assessed the factors driving the net payoff to users of mobile businesses. We found that (1) the personal data disclosed by users has a negative effect on user payoff; (2) the amount of personalization available has a direct and positive effect, as well as a moderating effect, on user payoff; and (3) the amount of control over a user's personal data has a direct and positive effect, as well as a moderating effect, on user payoff. The results suggest that privacy protection could be the main value proposition in the B2C mobile market. From our theoretical model, we derive a set of guidelines to design a privacy-friendly business model pattern for thirdparty services. We discuss four examples to show how the mobile platform can play a key role in the implementation of these new business models. element of an ISDT is the representations of the entities of interest in the theory, that is, constructs. The principles of form and function define the structure, organization, and functioning of the design product or design method. The justificatory knowledge provides an explanation of why an artifact is constructed as it is and why it works.

Download

IT Governance, Risk & Compliance (GRC) Status Quo and Integration: An Explorative Industry Case Study

Services (SERVICES), 2011 …, Jan 1, 2011

The integration of governance, risk, and compliance (GRC) activities has gained importance over t... more The integration of governance, risk, and compliance (GRC) activities has gained importance over the last years. This paper presents an analysis of the GRC integration efforts in information technology departments of three large enterprises. Action design research is used to organize the research in order to assess IT GRC activities based on a model with five dimensions. By means of semi-structured interviews key findings concerning the status quo of the three IT GRC disciplines, their integration and their relation to GRC on the corporate level are identified and rated. Five key findings explain the main commonalities and differences observed.

Download

Compliance management in multi-actor contexts