Information Systems Security and Privacy (SIGSEC)

Click here to return to the track list page.

Track Chairs

Jordan Shropshire, University of South Alabama,
Dave Biros, Oklahoma State University,
Sanjay Goel, University of Albany, SUNY,

Track Description

New paradigms in personal, social, and organizational computing defy old assumptions of information system security. High profile events such as defections, espionage, and massive data breaches have led the public to question their own expectations of privacy. Together, these issues present significant challenges for individuals, businesses, government agencies, and policy makers.

The purpose of this track is to provide a forum for theoretical developments, empirical research findings, case studies, methodologies, artifacts, and other high-quality manuscripts. Sponsored by SIGSec, we seek to address important questions arising from emerging developments in information security, such as: What is the influence of security education, training, and awareness (SETA) programs on policy compliance? How do system defenders share information to mitigate vulnerabilities and exploits? Does pervasive data collection deter privacy-conscious individuals? How do fear appeals influence decision making? Do regulations and policies influence employee security behaviors and organizational security postures?

Mini-Track 1: Cybercrime and Information Security Strategy

Gurvirender Tejay, St. Thomas University,

This mini-track aims to encourage research that provides insights into the issue of cybercrime. The diffusion of computer technologies worldwide has resulted in an unprecedented global expansion of computer-based criminal activity. Cyber criminals have begun deploying advanced techniques, which are increasingly effective and devastating. There appears to be a need for research into cybercrime activities, and their causes. We need a greater understanding of ways to de-incentivize the impetus that drives individuals and groups to commit cybercrimes. There is also a need for advanced forensic processes for uncovering and interpreting electronic data. The endeavor of this mini-track is to enhance our understanding of cybercrime, digital forensics, and security strategies.

Mini-Track 2: Information Security Governance, Compliance, and Risk Management

Herbert Mattford, Kennesaw State University,
David Sikolia, Illinois State University,
Michael E. Whitman, Kennesaw State University,

Information security control systems are most effective when framed within an organization that has structured governance and mature implementations to manage risk and assure compliance with internal and external mandates for security and privacy of information. Widely recognized as Governance, Risk Management and Compliance (or GRC), this area of study within the broader privacy and information security landscape seeks to address the increasing importance of activities associated with fulfilling directives for stakeholder alignment, interoperation of security governance with corporate governance, trends in governance approaches such as convergence of security functionality, issues in information security leadership, development in risk management models and practices, as well as issues of compliance to regulatory or ethical obligations.

Mini-Track 3: Behavioral Issues in Information Security

Christie Fuller, Louisiana Tech University,
Doug Twitchell, Illinois State University,
Kent Marett, Mississippi State University,

This minitrack provides an opportunity for researchers in the area of information system security and privacy to share their work and insights with others with similar interests. A particular focus will be placed on research investigating the security behaviors (and misbehaviors) demonstrated by individuals found in organizational settings. It is hoped that the minitrack will attract high-quality behavioral research utilizing a wide variety of theoretical foundations, study designs, and research disciplines.

Mini-Track 4: Emerging Issues in Information Security

Humayun Zafar, Kennesaw State University,

The Internet was once considered separate from the world of reality where virtual was separate from physical and there was clear delineation between the activities in cyberspace and those that were carried out in the “real” world of brick and mortar enterprises. Now, organizations are leveraging the vast resources that are available through the Internet, the World Wide Web and other network enabled technologies to find and stay connected to customers. Concurrent with the marriage between cyberspace and the brick and mortar world, telephony and information technologies are converging. The advent of smartphones means that a single device can make calls, send emails, browse the web, and review documents, and even pay the tab at a Starbucks. This has resulted in greater need for access to personal information databases, which has allowed data protection issues to take center stage. Holding personal information without adequate safeguards may lead to a disaster. This can potentially be compounded by the ever-expanding mobile eco-system. Incidents have shown that organizations lose goodwill, to the point of bankruptcy, for having failed to address information systems security, assurance, and privacy issues.

Mini-Track 5: Security and Privacy for the Internet of Things (IoT)

Miloslava Plachkinova, University of Tampa, FL,
Christopher Maurer, University of Tampa, FL,

Internet of Things (IoT) represents the connection of physical objects with electronics, software, sensors, and network connectivity, allowing these objects to collect and exchange data. Such “things” are becoming a global trend spanning into various fields and industries. This minitrack encourages research on today’s challenges and opportunities relating to the security and privacy for IoT. Further, it addresses new approaches and strategies to improve the capabilities of securing cyber-physical systems. Research may focus on risks and vulnerabilities of IoT, privacy concerns related to IoT, the intersection of big data and security of cyber-physical systems for different industries (smart grids, mobile health, smart cities, etc.), or technical and legal issues related to securing cyber-physical systems.

Click here to return to the track list page.