[AISWorld] Journal of Information Privacy and Security (JIPS) | Call For Papers & Latest Issue Content - Vol. 10, Issues 2 & 3, 2014

Arslan, Faruk farslan at utep.edu
Wed Sep 3 16:15:31 EDT 2014


A. Call For Papers:

Journal of Information Privacy and Security (JIPS) http://jips.utep.edu

Mission
The mission of the Journal of Information Privacy and Security (JIPS) is to serve both academics and practitioners as a reliable source on issues of information privacy and security. The Journal is a high quality refereed journal that seeks support from academicians, industry experts and specific government agencies. The JIPS focuses on publishing articles that address the paradoxical nature of privacy versus security amidst current global conditions. It is increasingly important that various constituents of information begin to understand their role in finding solutions to achieve a delicate balance between security and privacy.

The JIPS will facilitate understanding of the information assurance technical framework as it pertains to government agencies, companies and individuals. The topics may include the information privacy and security issues pertaining to initiatives on counter-terrorism efforts around the world, the impact of U.S. federal regulation and compliance issues facing global corporations, the impact of privacy and security initiatives within small and medium enterprises (SMEs), and e-gambling.

Article submissions are encouraged from both academics and practitioners. Each issue will include high quality articles from academics and practitioners, case studies, book reviews, and industry interviews. The Journal addresses issues of privacy and security from a global perspective and will consider articles with a cross-functional focus. The Journal will include articles in the following areas:

- Information Assurance frameworks
- Network security and impact on corporate infrastructure
- Privacy laws and impact on information compliance issues
- The duality of privacy and security and impact on corporate operations
- Governmental regulations and changes on information security requirements
- Data transfer issues across nations, states, and corporations
- Privacy and security requirements in B2B and B2C information flows
- Cross-functional aspects of information assurance and requirements faced by various business functions within companies
- Web sites, portals and the issue of trust
- Information privacy and security as it relates to end-users
- Applications and case studies in privacy and security issues facing business organizations, government agencies and individuals
- Emerging topics such as biometrics, software utilities, and IT obligations and how they change the business environment

We also welcome suggestions for a special issue covering a relevant topic.

Review Process
Each article will be blind-reviewed by three members of the editorial review board. Reviewer recommendation will be considered by the Editor-in-Chief or an Associate Editor. For a revision and rewrite, a revised paper will be sent to one of the Editors for final approval. The final decision will be made by the Editor-in-Chief.

Interested authors should consult the journal's manuscript submission guidelines at http://jips.utep.edu

All inquiries and submissions should be sent to:
Editor-in-Chief: Dr. Kallol Bagchi, kbagchi at utep.edu


B. Content of Journal of Privacy and Security (JIPS), Vol. 10, Issue 2, 2014

Special Issue: Most Prevalent Information Security Topics: Insider Threat, Password Authentication Problems and Other Ethical Issues
Guest Editorial, By Humayun Zafar Ph.D., Kennesaw State University

Paper 1. The Enemy Within the Insider: Detecting the Insider Threat Through Addiction Theory
Michele Maasbe and Nicole L. Beebe, The University of Texas at San Antonio, U.S.A.

Abstract. "Insiders" remain a significant threat to organizations, evidenced by recent cases involving Robert Hansen, Bradley Manning, and Edward Snowden, even in light of significant movement toward neutralizing the threat through detection and prevention. Insiders pose detection challenges for security professionals, because they often have legitimate access and intimate organizational knowledge. Nonetheless, past insider threat detection research has predominantly focused on signature-based detection of digital indicators of insider activity and behavioral profiling. This article develops a novel relationship between addiction theory and the insider threat from an information systems perspective. We introduce seven propositions concerning this relationship, addiction antecedents, and the factors moderating the relationship between addiction and the insider threat. This model has significant implications for the insider threat detection challenge, as it provides new signals that may be useful for detection, supporting practitioners and future research.

Paper 2. Factors for measuring password-based authentication practices
Herbert J. Mattord, Coles College Of Business, Kennesaw State University, Kennesaw, GA, U.S.A.
Yair Levy, Graduate School Of Computer And Information Sciences, Nova Southeastern University, Ft. Lauderdale, FL, U.S.A.
Steven Furnell, Centre For Security, Communications And Network Research, School Of Computing And Mathematics, Plymouth University, Plymouth, Devon, U.K.

Abstract. Organizations continue to rely on password-based authentication methods to control access to their Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). This approach explored how authentication practices can be measured in three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. This paper explores the criteria that are required to define these component areas. This research validated the criteria proposed for measurement of the three component areas using a panel of experts drawn from industry and academia. Simultaneously, the same panel provided preferences for the relative weight of specific criteria within each component area. The panel of experts also assessed the relative weight of each component area within an overall index. Once the criteria were verified and the elicited weights were computed, an opportunity sample of Web-based ISs in the two groups were assessed to ascertain the values for the criteria that comprise the Authentication Method System Index (AMSI). After completion of pre-analysis data screening, the collected data were assessed using the results of the AMSI benchmarking tool. The results of the comparison within and between the two sample groups are presented. This research found that the index derived from these criteria can be used as a mechanism to measure three aspects of the authentication methods used by Web-based systems. However, IS designers, quality assurance teams, and information security practitioners charged with validating ISs methods may choose to use it to measure the effectiveness of such password-based authentication methods. This can enable continuous improvement of authentication methods employed in such Web-based systems.

Paper 3. Student Perceptions Of Computer Use Ethics: A Decade In Comparison
Michael E. Whitman and Humayun Zafar, Kennesaw State University, Kennesaw GA.

Abstract. Researchers have a long history of investigating computer use ethics from a variety of perspectives since the dawn of the age of computing. Some of this research has focused on student attitudes toward software piracy and to what degree students considered copying of commercial software and downloading music to be acceptable actions. This study used an updated series of ethical scenarios from previous works. In addition to standard demographical questions the study included computer use scenarios describing a situation with ethical considerations, and questions which examined the role of the individuals in the scenarios. Responses to the scenarios used a standard five-point, Likert-type scale. Respondents were asked to indicate their academic level and major. Results from the current population of students were compared to the results from prior data collection. While the statistical results of the new study proved only somewhat different than the previous study over a decade ago, the true value of this research is in the provision of a set of scenarios and other perspectives that can be used in in-class discussions of ethics, policy and law.

In the book review section, Adolfo Coronado reviews the book "IT Auditing: Using Controls to Protect Information Assets" by Chris Davis, Mike Schiller, and Kevin Wheeler. Adolfo observes that the book "is a good resource and reference tool for individuals in the search to understand the different functions an IT auditor must perform. Overall, the authors put together a book that is easy to follow, understand, and comprehensive."


C. Content of Journal of Privacy and Security (JIPS), Vol. 10, Issue 3, 2014.

Editorial Content. By the editor, JIPS

Paper 1. Social Network Privacy: Trusting Friends
Gerald V. Post, Professor of MIS at the Eberhardt School of Business, University of the Pacific, Stockton, CA, USA and
Suzanne B. Walchli, Associate Professor of Marketing, Eberhardt School of Business, University of the Pacific, Stockton, CA, USA

Abstract. Early social networks were generally open with minimal privacy controls. Some anecdotal evidence suggests that people might want more control over privacy on social networks. As an example of one response to this, Google+ was introduced as a major change by offering circles or groups to make it easier for users to share specific items with selected individuals. This research model uses a social network as a function of privacy concerns and trust in contacts, and tests the model using several groups of people, building on earlier research that focuses primarily on trust in the Web provider. The model examines a personal need or desire for privacy, trust in friends, attitudes towards social networks, and evaluates the impact of these variables on the usage of social networks. The results show that the demand for privacy and trust in friends do have direct impacts on the attitudes towards social networks. And this network attitude does in turn affect the rate of an individual's usage of the networks. The results are applicable to any organization that includes social interactions on its site.

Paper 2. Analysis and Estimation of Expected Cyber Attack Scenarios and Consequences
Roberto Mugavero, University of Rome "Tor Vergata" Department of Electronic Engineering, Italy and Valentina Sabato, Observatory on Security and CBRNe Defense, Italy

Abstract. The cyberspace is becoming one of the main elements of vulnerability and it has led to a critical situation of country security, because our system is always more focused on information sharing and on quick communication all over the world. The cyberspace is, in fact, the "easier vector" of the information environment made of independent networks of different communication and telecommunication infrastructures through which it is possible to perform a wide range of cyber attacks causing possible huge negative effects on systems and assets; however, it does not cause human loss or physical damages to the society.
In order to protect ourselves from a danger, it is necessary to understand and analyze how many and which are the risks as well as the possible actions needed to minimize the consequences of a dangerous event.

In the Book Review section, Adolfo Coronado reviews a book titled "CCNP security IPS 642-627 official cert guide," by D. Burns, O. Adesina, & K. Barker. Adolfo observes that the book is thorough enough for "individuals preparing for the CCNP security IPS 642-627 certification exam". It is now increasingly felt by many security teachers that for landing a good job in this area, students can increase their chances by qualifying themselves with this kind of certification.

Faruk Arslan
Department of Accounting and Information Systems | College of Business | The University of Texas at El Paso
Mobile: 00 1 915 227 4889 | http://business.utep.edu/faculty/profiles/arslan/ | http://www.linkedin.com/pub/faruk-arslan/6/1a1/913

