<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:KaiTi;
panose-1:2 1 6 9 6 1 1 1 1 1;}
@font-face
{font-family:"\@KaiTi";
panose-1:2 1 6 9 6 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1041830559;
mso-list-type:hybrid;
mso-list-template-ids:1465938212 67698709 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:1.25in;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:2.75in;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:4.25in;
text-indent:-9.0pt;}
@list l1
{mso-list-id:1317759779;
mso-list-type:hybrid;
mso-list-template-ids:100540264 1051650392 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-number-format:alpha-upper;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;
color:black;
mso-style-textfill-fill-color:black;
mso-style-textfill-fill-alpha:100.0%;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:1.25in;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:2.75in;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:4.25in;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoListParagraph" style="margin-left:.25in;text-indent:-.25in;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="mso-list:Ignore">A.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Call For Paper<span style="color:#1F497D">s</span>:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Journal of Information Privacy and Security (JIPS) <a href="http://jips.utep.edu">
<span style="color:windowtext">http://jips.utep.edu</span></a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Mission<o:p></o:p></p>
<p class="MsoNormal">The mission of the Journal of Information Privacy and Security (JIPS) is to serve both academics and practitioners as a reliable source on issues of information privacy and security. The Journal is a high quality refereed journal that seeks
support from academicians, industry experts and specific government agencies. The JIPS focuses on publishing articles that address the paradoxical nature of privacy versus security amidst current global conditions. It is increasingly important that various
constituents of information begin to understand their role in finding solutions to achieve a delicate balance between security and privacy.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The JIPS will facilitate understanding of the information assurance technical framework as it pertains to government agencies, companies and individuals. The topics may include the information privacy and security issues pertaining to initiatives
on counter-terrorism efforts around the world, the impact of U.S. federal regulation and compliance issues facing global corporations, the impact of privacy and security initiatives within small and medium enterprises (SMEs), and e-gambling.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Article submissions are encouraged from both academics and practitioners. Each issue will include high quality articles from academics and practitioners, case studies, book reviews, and industry interviews. The Journal addresses issues
of privacy and security from a global perspective and will consider articles with a cross-functional focus. The Journal will include articles in the following areas:
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">- Information Assurance frameworks<o:p></o:p></p>
<p class="MsoNormal">- Network security and impact on corporate infrastructure<o:p></o:p></p>
<p class="MsoNormal">- Privacy laws and impact on information compliance issues<o:p></o:p></p>
<p class="MsoNormal">- The duality of privacy and security and impact on corporate operations<o:p></o:p></p>
<p class="MsoNormal">- Governmental regulations and changes on information security requirements<o:p></o:p></p>
<p class="MsoNormal">- Data transfer issues across nations, states, and corporations<o:p></o:p></p>
<p class="MsoNormal">- Privacy and security requirements in B2B and B2C information flows<o:p></o:p></p>
<p class="MsoNormal">- Cross-functional aspects of information assurance and requirements faced by various business functions within companies<o:p></o:p></p>
<p class="MsoNormal">- Web sites, portals and the issue of trust<o:p></o:p></p>
<p class="MsoNormal">- Information privacy and security as it relates to end-users<o:p></o:p></p>
<p class="MsoNormal">- Applications and case studies in privacy and security issues facing business organizations, government agencies and individuals<o:p></o:p></p>
<p class="MsoNormal">- Emerging topics such as biometrics, software utilities, and IT obligations and how they change the business environment
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We also welcome suggestions on special issue covering a relevant topic.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Review Process<o:p></o:p></p>
<p class="MsoNormal">Each article will be blind-reviewed by three members of the editorial review board. Reviewer recommendation will be considered by the Editor-in-Chief or an Associate Editor. For a revision and rewrite, a revised paper will be sent to one
of the Editors for final approval. The final decision will be made by the Editor-in-Chief.
<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Interested authors should consult the journal's manuscript submission guidelines at
<a href="http://jips.utep.edu"><span style="color:windowtext">http://jips.utep.edu</span></a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">All inquiries and submissions should be sent to:<o:p></o:p></p>
<p class="MsoNormal">Editor-in-Chief: Dr. Kallol Bagchi, <a href="mailto:kbagchi@utep.edu">
<span style="color:windowtext">kbagchi@utep.edu</span></a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="margin-left:.25in;text-indent:-.25in;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="mso-list:Ignore">B.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Content of Journal of Privacy and Security (JIPS), Vol. 10, Issue 2, 2014<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Special Issue: Most Prevalent Information Security Topics: Insider Threat, Password Authentication Problems and Other Ethical Issues<o:p></o:p></p>
<p class="MsoNormal">Guest Editorial, By Humayun Zafar Ph.D., Kennesaw State University<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Paper 1. The Enemy Within the Insider: Detecting the Insider Threat Through Addiction Theory<o:p></o:p></p>
<p class="MsoNormal">Michele Maasbe and Nicole L. Beebe, The University of Texas at San Antonio, U.S.A.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Abstract. “Insiders” remain a significant threat to organizations–evidenced by recent cases involving Robert Hansen, Bradley Manning, and Edward Snowden—even in light of significant movement toward neutralizing the threat through detection
and prevention. Insiders pose detection challenges for security professionals, because they often have legitimate access and intimate organizational knowledge. Nonetheless, past insider threat detection research has predominantly focused on signature-based
detection of digital indicators of insider activity and behavioral profiling. This article develops a novel relationship between addiction theory and the insider threat from an information systems perspective. We introduce seven propositions concerning this
relationship, addiction antecedents, and the factors moderating the relationship between addiction and the insider threat. This model has significant implications for the insider threat detection challenge, as it provides new signals that may be useful for
detection, supporting practitioners and future research.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Paper 2. Factors for measuring password-based authentication practices<o:p></o:p></p>
<p class="MsoNormal">Herbert J. Mattord, Coles College Of Business, Kennesaw State University, Kennesaw, GA, U.S.A.<o:p></o:p></p>
<p class="MsoNormal">Yair Levy, Graduate School Of Computer And Information Sciences, Nova Southeastern University, Ft. Lauderdale, FL, U.S.A.<o:p></o:p></p>
<p class="MsoNormal">Steven Furnell, Centre For Security, Communications And Network Research, School Of Computing And Mathematics, Plymouth University, Plymouth, Devon, U.K.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Abstract. Organizations continue to rely on password-based authentication methods to control access to their Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based
information systems (IS). This approach explored how authentication practices can be measured in three component areas: 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. This paper explores the criteria that
are required to define these component areas. This research validated the criteria proposed for measurement the three component areas using a panel of experts drawn from industry and academia. Simultaneously, the same panel provided preferences for the relative
weight of specific criteria within each component area. The panel of experts also assessed the relative weight of each component area within an overall index. Once the criteria were verified and the elicited weights were computed, an opportunity sample of
Web-based ISs in the two groups were assessed to ascertain the values for the criteria that comprise the Authentication Method System Index (AMSI). After completion of pre-analysis data screening, the collected data were assessed using the results of the AMSI
benchmarking tool. The results of the comparison within and between the two sample groups are presented. This research found that the index derived from these criteria can be used as a mechanism to measure three aspects of the authentication methods used by
Web-based systems. However, IS designers, quality assurance teams, and information security practitioners charged with validating ISs methods may choose to use it to measure the effectiveness of such password-based authentication methods. This can enable continuous
improvement of authentication methods employed in such Web-based systems.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Paper 3. Student Perceptions Of Computer Use Ethics: A Decade In Comparison<o:p></o:p></p>
<p class="MsoNormal">Michael E. Whitman and Humayun Zafar, Kennesaw State University, Kennesaw GA.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Abstract. Researchers have a long history of investigating computer use ethics from a variety of perspectives since the dawn of the age of computing. Some of this research has focused on student attitudes toward software piracy and to what
degree students considered copying of commercial software and downloading music to be acceptable actions. This study used an updated series of ethical scenarios from previous works. In addition to standard demographical questions the study included computer
use scenarios describing a situation with ethical considerations, and questions which examined the role of the individuals in the scenarios. Responses to the scenarios used a standard five-point, Likert-type scale. Respondents were asked to indicate their
academic level and major. Results from the current population of students were compared to the results from prior data collection. While the statistical results of the new study proved only somewhat different than the previous study over a decade ago, the
true value of this research is in the provision of a set of scenarios and other perspectives that can be used in in-class discussions of ethics, policy and law.<o:p></o:p></p>
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal">In the book review section, Adolfo Coronado reviews the book “IT Auditing: Using Controls to Protect Information Assets” by Chris Davis, Mike Schiller, and Kevin Wheeler. Adolfo observes that the book “is a good resource and reference tool
for individuals in the search to understand the different functions an IT auditor must perform. Overall, the authors put together a book that is easy to follow, understand, and comprehensive.”<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="margin-left:.25in;text-indent:-.25in;mso-list:l1 level1 lfo3">
<![if !supportLists]><span style="mso-list:Ignore">C.<span style="font:7.0pt "Times New Roman"">
</span></span><![endif]>Content of Journal of Privacy and Security (JIPS), Vol. 10, Issue 3, 2014.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Editorial Content. By the editor, JIPS<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Paper 1. Social Network Privacy: Trusting Friends<o:p></o:p></p>
<p class="MsoNormal">Gerald V. Post, Professor of MIS at the Eberhardt School of Business, University of the Pacific, Stockton, CA, USA and
<o:p></o:p></p>
<p class="MsoNormal">Suzanne B. Walchli, Associate Professor of Marketing, Eberhardt School of Business, University of the Pacific, Stockton, CA, USA<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Abstract. Early social networks were generally open with minimal privacy controls. Some anecdotal evidence suggests that people might want more control over privacy on social networks. As an example of one response to this, Google+ was
introduced as a major change by offering circles or groups to make it easier for users to share specific items with selected individuals. This research model uses a social network as a function of privacy concerns and trust in contacts, and tests the model
using several groups of people, building on earlier research that focuses primarily on trust in the Web provider. The model examines a personal need or desire for privacy, trust in friends, attitudes towards social networks, and evaluates the impact of these
variables on the usage of social networks. The results show that the demand for privacy and trust in friends do have direct impacts on the attitudes towards social networks. And this network attitude does in turn affect the rate of an individual’s usage of
the networks. The results are applicable to any organization that includes social interactions on its site.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Paper 2. Analysis and Estimation of Expected Cyber Attack Scenarios and Consequences<o:p></o:p></p>
<p class="MsoNormal">Roberto Mugavero, University of Rome “Tor Vergata” Department of Electronic Engineering, Italy and Valentina Sabato, Observatory on Security and CBRNe Defense, Italy<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Abstract. The cyberspace is becoming one of the main elements of vulnerability and it has led to a critical situation of country security, because our system is always more focused on information sharing and on quick communication all over
the world. The cyberspace is, in fact, the "easier vector" of the information environment made of independent networks of different communication and telecommunication infrastructures through which it is possible to perform a wide range of cyber attacks causing
possible huge negative effects on systems and assets; however, it does not cause human loss or physical damages to the society.<o:p></o:p></p>
<p class="MsoNormal">In order to protect ourselves from a danger, it is necessary to understand and analyze how many and which are the risks as well as the possible actions needed to minimize the consequences of a dangerous event.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In the Book Review section, Adolfo Coronado reviews a book titled “CCNP security IPS 642-627 official cert guide,” by D. Burns, O. Adesina, & K. Barker. Adolfo observes that the book is thorough enough for “individuals preparing for the
CCNP security IPS 642-627 certification exam”. It is now increasingly felt by many security teachers that for landing a good job in this area, students can increase their chances by qualifying themselves with this kind of certifications.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:KaiTi;color:black">Faruk Arslan<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-family:KaiTi;color:black">Department of Accounting and Information Systems | College of Business | The University of Texas at El Paso<o:p></o:p></span></p>
<p class="MsoNormal"><i><span style="font-family:KaiTi;color:black">Mobile</span></i><b><span style="font-family:KaiTi;color:black">:</span></b><span style="font-family:KaiTi;color:black"> 00 1 915 227 4889|
</span><a href="http://business.utep.edu/faculty/profiles/arslan/"><span style="font-family:KaiTi">http://business.utep.edu/faculty/profiles/arslan/</span></a><span style="font-family:KaiTi;color:black"> |
</span><a href="http://www.linkedin.com/pub/faruk-arslan/6/1a1/913"><span style="font-family:KaiTi;background:white">www.linkedin.com/pub/faruk-arslan/6/1a1/913</span></a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
</div>
</body>
</html>