Information Systems Security, Assurance and Privacy (SIGSEC) Track

Merrill Warkentin, Mississippi State University

Dave Biros, Oklahoma State University

Jordan Shropshire, University of South Alabama

Track Description

New paradigms in personal, social, and organizational computing defy old assumptions of information system security. High profile events such as defections, espionage, and massive data breaches have led the public to question their own expectations of privacy. Together, these issues present significant challenges for individuals, businesses, government agencies, and policy makers.

The purpose of this track is to provide a forum for theoretical developments, empirical research findings, case studies, methodologies, artifacts, and other high-quality manuscripts.  Sponsored by SIGSec, we seek to address important questions arising from emerging developments in information security, such as: What is the influence of security education, training, and awareness (SETA) programs on policy compliance? How do system defenders share information to mitigate vulnerabilities and exploits? Does pervasive data collection deter privacy-conscious individuals? How do fear appeals influence decision making? What is the role of digital forensics in combating cyber security offenses? How do online social networks threaten the security and privacy of participants? What are the underlying economics or cultural implications of new security technologies? Do regulations and policies influence employee security behaviors and organizational security postures?

Mini-Tracks

New Approaches to Behavioral Information Security and Privacy Research

Clay Posey and A.J. Burns

Cybercrime and Information Security Strategy

Tejay Gurvindar

Behavioral Issues in Information Security

Kent Marett, Christie Fuller, and Doug Twitchell

Privacy Issues in Social Media

Tabitha James

Digital Forensics

Nicole Beebe and John Warren

Emerging Issues in Information Security

Humayun Zafar and Mark Harris

Note: Privacy papers focusing on Trust should be submitted to the “Understanding and Fostering Trust in Information Systems” Mini-Track in the Human Computer Interaction (SIGHCI) track.


New Approaches to Behavioral Information Security and Privacy Research

Clay Posey, The University of Alabama

A.J. Burns, Vanderbilt University

Mini-Track Description

Recent advancements in areas such as behavioral operations research, computational economics, and generative social science show much promise in the modeling of human behavior.  Meanwhile, ubiquitous computing and pervasive networks enable unprecedented research opportunities, including the types of online, digital experimentation that are changing the face of behavioral and social-science research.  Given the increased importance of information security, IS researchers can build on these recent developments to provide further insights into issues relating to information security and privacy, specifically in the area of behavioral information security.  This minitrack aims to showcase research that uses modern techniques such as agent-based models/simulations and online digital experimentation to expand the behavioral security and privacy knowledge base.  These approaches are meant to complement other on-going research efforts in the examination of human behavior and its influence on the security and privacy of information at the personal, organizational, and/or societal levels.

Call for Papers

In today’s hyper-connected organizational environments, the influence of individuals’ behavior on information security and privacy is increasingly difficult to conceptualize.  However, recent advances in related fields such as behavioral operations research, computational economics, and generative social science show much promise in enabling researchers to model human behavior and associated consequences of the modeled activity.  Additionally, ubiquitous computing and pervasive networks enable researchers to capture behavioral data in novel ways. Digital experimentation and the use of wearable devices and/or sensors are examples of new and exciting ways researchers can glean insights into individuals’ behavior.

This minitrack seeks completed papers and research-in-progress that utilize or exhibit novel approaches to behavioral information security and/or information privacy issues. These approaches are meant to complement other on-going research efforts in the examination of human behavior and its influence on the security and privacy of information at the personal, organizational, and/or societal levels.

Examples of research that fit this call include but are not limited to:

Approaches using agent-based modeling (ABM) and associated toolkits (e.g., MASON, NetLogo, Repast, Swarm) in the examination of information security and privacy issues

Approaches relying on Complex Adaptive Systems (CAS) theory, which argue and/or display how higher-order patterns emerge from individual-level characteristics and interactions

Simulation studies that attempt to find the optimum levels of organizational interventions in the protection of sensitive information and/or deterrence of negative insider behaviors

The utilization of novel techniques for online, digital data collections such as randomized, digital experimentation and ecological momentary assessments (EMA)

Approaches that harness data from wearable computing mechanisms and other ‘quantified self’ techniques to determine behavioral patterns, which promote protective behavior and/or deter detrimental behavior as they relate to information security and privacy


Cybercrime and Information Security Strategy

Tejay Gurvindar, Nova Southeastern University

Mini-Track Description

This minitrack aims to encourage research that provides insights into the issue of cybercrime. The diffusion of computer technologies worldwide has resulted in an unprecedented global expansion of computer-based criminal activity. Cyber criminals have begun deploying advanced techniques, which are increasingly effective and devastating. There appears to be a need for research into cybercrime activities, and their causes. We need a greater understanding of ways to de-incentivize the impetus that drives individuals and groups to commit cybercrimes. At the same time, it has become imperative to effectively protect information assets. The endeavor of this mini-track is to also enhance understanding about the issues associated with information security strategy.

Call for Papers

Cybercrime in the 21st century is rapidly evolving, with new techniques being developed and exploited by criminals worldwide.  This new type of crime is no longer the exclusive domain of the cyber security professional; now, every person who interacts with technology in some fashion needs to have an awareness of these dangerous new trends. Complicating matters significantly is the ever-expanding internationality of the cybercriminals themselves. Now, criminals in one country can easily conspire with criminals in another country to defraud a victim in a third country. This worldwide nature of cybercrime involves significant and unresolved issues related to the application of national laws to international crime.

This minitrack aims to encourage research that provides insights into the issue of cybercrime. The diffusion of computer technologies worldwide has resulted in an unprecedented global expansion of computer-based criminal activity. Cyber criminals have begun deploying advanced techniques, which are increasingly effective and devastating.

Possible Topics:

Cybercrime activities, and their motivations

Cyber security policy

Legal challenges to cybercrime

Cybercrime and societal implications

Information security strategy

Organizational cyber security countermeasures


Behavioral Issues in Information Security

Kent Marett, Mississippi State University
Christie Fuller, Louisiana Tech
Doug Twitchell, Illinois State University

Mini-Track Description

This minitrack provides an opportunity for researchers in the area of information system security and privacy to share their work and insights with others with similar interests.  A particular focus will be placed on research investigating the security behaviors (and misbehaviors) demonstrated by individuals found in organizational settings.  It is hoped that the minitrack will attract high-quality behavioral research utilizing a wide variety of theoretical foundations, study designs, and research disciplines.

Call for Papers

Individuals who work within organizations have long been tasked with securing information that resides on or is transmitted using rapidly-changing technologies and platforms, with varying degrees of success.  Given that the human element is generally considered to be the weak point in any information security program, can innovative “blue ocean” research aid our understanding of how individuals can avoid becoming a security vulnerability to their organization?  We encourage researchers who are interested in individuals’ security behaviors within the changing IS landscape to submit their work to this minitrack.

Possible Topics:

The impacts of deception on individuals, teams and organizations

Trust and/or abuse of trust in teams and organizations

The impacts of social engineering on organizations

Trust and assurance in inter-organizational relationships

Insider threats

User compliance with organizational security policies and procedures

User involvement in development and implementation of security programs

Training, education and awareness to improve information assurance

The impact of organization culture on security and privacy

Implications of social media use toward information assurance

The integration of evolving technology, such as mobile devices and cloud-based services, and individual usage with organizational security programs


Privacy Issues in Social Media

Tabitha James, Virginia Tech

Mini-Track Description

Social media provides an online environment for people to find out about others, communicate or socialize with others, provide commentary or opinions, promote themselves, etc.  In essence, these technologies promote the idea of a virtual community.  However, in order for these environments to flourish, users must generate and release content.  Many of the characteristics and consequences of the release of user-generated content in online spaces are novel and challenging.  This minitrack encourages submission of work examining privacy issues in social media.  Example topics of interest may include: information disclosure on social media, social media privacy controls, novel approaches to privacy management on social media, privacy breaches on social media, cultural influences on privacy in social media, and corporate use of social media information.

Call for Papers

Social media provides an online environment for people to find out about others, communicate or socialize with others, provide commentary or opinions, promote themselves, etc.  In essence, these technologies promote the idea of a virtual community.  However, in order for these environments to flourish, users must generate and release content.  Many of the characteristics and consequences of the release of user-generated content in online spaces are novel and challenging.  This mini-track encourages submission of work examining privacy issues in social media.

Possible Topics:

Information disclosure practice on social media

Data accessibility on social media

Third party use of social media data

Social media and big data

Cultural influences on privacy in social media

Characteristics of social media users that influence information disclosure

Privacy management approaches on social media

Social media privacy breaches

Design and development of privacy protection mechanisms on social media

Privacy awareness or training strategies for social media

Security enhancing privacy practices in social media

Privacy issues for corporate social media use


Digital Forensics

Nicole Beebe, The University of Texas at San Antonio

John Warren, The University of Texas at San Antonio

Mini-Track Description

Digital forensic science is “the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.” Since it involves the recovery and analysis of system artifacts, it tends to be a highly technical field with contributions primarily from computer scientists. As is often the case with technical fields, however, there exist many important behavioral and organizational research questions that receive insufficient attention.

The purpose of this mini-track is to highlight and stimulate greater behavioral and organizational research in digital forensics.

Possible Topics:

Organizational commitment to digital forensic readiness

Proactive digital forensic readiness to enhance corporate governance and the privacy implications and considerations thereof

Procedural issues with cloud-based digital forensics

Decision support systems to improve digital forensic analysis scalability

Human computer interaction (HCI), task-technology-fit (TTF), and usability of digital forensic techniques and tools

Behavioral investigation of cyber criminals

Pedagogical models in digital forensic education

Traditionally technical digital forensics topics are also welcome, but the primary target is on behavioral and organizational research topics. Technical forensic topics include, but are not limited to: memory analysis, storage forensics, computational and big data forensics, incident response, live analysis, virtualized environment forensics, network forensics, malware analysis, event reconstruction and timeline analysis, mobile forensics, embedded device forensics, multimedia forensics, database forensics, social media forensics, cyber-physical system forensics, internet of things forensics, smart grid forensics, case studies, tool testing and error rates, cyber law, anti-forensics, etc.


Emerging Issues in Information Security

Humayun Zafar, Kennesaw State University

Mark Harris, University of South Carolina

Mini-Track Description

Concurrent with the marriage between cyberspace and the brick and mortar world, telephony and information technologies are converging. The advent of smartphones means that a single device can make calls, send emails, browse the web, review documents, and even pay the tab at a Starbucks. This has resulted in a greater need for access to personal information databases, which has allowed data protection issues to take center stage. Holding personal information without adequate safeguards may lead to a disaster. This mini-track will address current and emerging issues and trends in information systems security, assurance, and privacy.

Call for Papers

The Internet was once considered separate from the world of reality: virtual was separate from physical, and there was a clear delineation between the activities in cyberspace and those that were carried out in the “real” world of brick and mortar enterprises. Now, organizations are leveraging the vast resources that are available through the Internet, the World Wide Web, and other network-enabled technologies to find and stay connected to customers.

Concurrent with the marriage between cyberspace and the brick and mortar world, telephony and information technologies are converging. The advent of smartphones means that a single device can make calls, send emails, browse the web, review documents, and even pay the tab at a Starbucks. This has resulted in a greater need for access to personal information databases, which has allowed data protection issues to take center stage. Holding personal information without adequate safeguards may lead to a disaster. This can potentially be compounded by the ever-expanding mobile eco-system. Incidents have shown that organizations lose goodwill, to the point of bankruptcy, for having failed to address information systems security, assurance, and privacy issues. This mini-track will address current and emerging issues and trends in information systems security, assurance, and privacy.

Possible Topics:

Records retention and destruction issues

Security and privacy policies

Security control technologies for customer databases

Recent advances in core security control technologies such as authentication, authorization, auditability, including strong authentication practices and biometrics

Outsourcing and impact on security and privacy

Impact of customer tracking for customizing advertisements and its impact on information security and privacy

Information security and privacy concerns pertaining to use of GPS or location based services commonly found in smartphones

Security and privacy of mobile payments

Security and mobility

Emerging trends and practices in information security governance, risk management, and compliance

 

