[AISWorld] CFP for HICSS minitrack on Behavioral Info Security Research

Merrill Warkentin m.warkentin at msstate.edu
Wed Feb 20 20:33:31 EST 2013 

All:

We invite you to submit your manuscripts to our new HICSS minitrack on
Behavioral Info Security Research.  

The 47th Annual Hawaii International Conference on Systems Sciences (HICSS)
will be held on the Big Island of Hawaii from January 6-9, 2014.

Our CFP is at http://www.hicss.hawaii.edu/hicss_47/track/in/IN-Security.pdf
  and complete information about HICSS47 is at http://www.hicss.hawaii.edu/
Submit blinded papers by June 14.

Merrill Warkentin, MSU
Allen C. Johnston, UAB
Anthony (Tony) Vance, BYU

Minitrack: Innovative Behavioral IS Security and Privacy Research

This minitrack provides a venue for innovative research that rigorously
addresses the risks to
information system security and privacy, with a specific focus on individual
behaviors within this
nomological net. Domains include work related to detecting, mitigating, and
preventing both
internal and external human threats to organizational security. Papers may
include theory
development, empirical studies (both quantitative and qualitative), case
studies, and other 
high quality research manuscripts.

Topics include, but are not limited to:

. Creative investigations of user security behavior, both positive and
negative
. Detecting and mitigating insider threats
. Security policy compliance research - motivations, antecedents, levers of
influence
. Analysis of known and unknown modes and vectors of internal and external
attack
. SETA (security education, training, and awareness) programs
. Modeling of security and privacy behavioral phenomena and relationships
. Merging methodological topics related to addressing research strategies in
IS security
. Translational science perspectives and strategies for IS security research
. Theory development, theory building, and theory testing in information
security

This mintrack will provide IS/IT researchers a collaborative forum to share
their research
approaches. We hope to attract the skills and insights of scholars from a
wide set of disciplines,
presenting a mix of theoretical and applied papers on threats and
mitigation. Areas of research
may include the following.

1. Research related to insider threats to information security and privacy
represent the first and
most important thread for the minitrack. Insider threats include activities
ranging from nonmalicious
and non-volitional behaviors (accidents and oversights) to volitional, but
not malicious,
actions to malicious actions such as theft, fraud, blackmail, and
embezzlement.

2. External vectors of attack by individuals and organizations outside the
security perimeter
represent the second thread for this minitrack. Specific topics of interest
include hacker
behaviors, cyber-warfare, identity theft (and electronic deception), and
cyber-espionage,
including most offensive and defensive methods of prevention, detection, and
remediation.
Other external parties are motivated to use IT to damage or steal trade
secrets, national security
information, sensitive account information, or other valuable assets.

3. A third thread revolves around security policy compliance, both at the
individual and
organizational level of analysis. Compliance is not merely a binary concept
- it is a continuum.
Individuals may minimally comply with formal security and privacy policies
and procedures, or
they may exhibit extra-role or stewardship behaviors that go above and
beyond official
compliance. Similarly, individuals may carelessly violate organizational
security policies and
procedures without malicious intent or they may attempt to cause maximum
damage or loss.

4. Modeling and theory building in the context of IS security and privacy
represents yet another
interesting area. Theoretical development in information systems security
and privacy research
is immature relative to other areas of study in the information systems
discipline. This subdiscipline
of information systems continues to suffer from a limited theoretical base,
restricting
our collective ability to properly interpret reality, to apply appropriate
methodological
approaches, and to substantiate conclusions. Adaptation of theories from
applied social
psychology and criminology are particularly fertile areas for expanding our
knowledge base in
this domain. Theories from the disciplines of management, education, and
others may also
inform our understanding of the phenomena of interest.

5. Finally, we have a particular interest in emerging, rigorous research
methods for investigating
these phenomena. Organizational-level research can be improved, but studies
conducted at the
individual level, in particular, can benefit from new experimental designs
and new data collection
methods. Examples include physiological methods such as EEG or fMRI, the
factorial survey
method, and simulations.

Selected outstanding manuscripts from this minitrack may be recommended to
the editors of the
European Journal of Information Systems to be fast-tracked for the review
process.

Minitrack Co-Chairs

Merrill Warkentin
     m.warkentin at msstate.edu
Allen C. Johnston
    ajohnston at uab.edu
Anthony Vance
     Anthony at Vance.name

More information about the AISWorld mailing list