[IRIS] CfP ECIS 2024 SIGSEC Workshop: Reconsidering assumptions about the human role in cybersecurity and privacy research

Marko Ilmari Niemimaa marko.niemimaa at uia.no
Fri Apr 19 04:07:15 EDT 2024 

A kind reminder of the workshop (deadline for submissions April 30).

Professor Mikko Siponen (University of Alabama) has agreed to give a keynote at the event! Professor Siponen is one of the leading scholars in the human aspects of cybersecurity. See https://scholar.google.fi/citations?user=lG0VhooAAAAJ&hl=fi&oi=ao
________________________________
Lähettäjä: Marko Ilmari Niemimaa
Lähetetty: perjantai 8. maaliskuuta 2024 9.21
Vastaanottaja: IRIS at lists.aisnet.org <iris at lists.aisnet.org>
Aihe: CfP ECIS 2024 SIGSEC Workshop: Reconsidering assumptions about the human role in cybersecurity and privacy research

Dear colleagues,

please, consider submitting.


---

CFP: ECIS 2024 SIGSEC Workshop: Reconsidering assumptions about the human role in cybersecurity and privacy research

June 16, 2024, Paphos, Cyprus

Submissions: ecis2024-sigsec at jyu.fi<mailto:ecis2024-sigsec at jyu.fi>

In cyber security research, the role of “human” is often discussed with a negative undertone, framing employees as ‘insider threats’, ‘computer abusers’, or ‘cyber deviants’ when they do not comply with the prescribed security rules. Whether the negative perspective is a paradigm (Morgan, 1980) can be discussed, but there are certain prevalent metaphors such as the human being “the weakest link” in the information security chain. Using criminological theories, such as deterrence and neutralization theory, persuades us to accept the assumption that a non-compliant employee is performing a “white collar crime” (Straub, 1989, p.154). Further, to Morgan’s (1980) classification, suggesting intimidating employees into compliance with punishment and fear appeals has become a de facto puzzle-solving (i.e. specific solutions to specific problems) practice.

What if, when discussing puzzle-solving solutions, we would discuss incentives instead of sanctions? On the metaphor level, what if we researchers challenged the negative assumptions behind deterrence, neutralization, and protection motivation theories and replaced them with self-determination theory or socio-technical approaches? Self-determination theory by Deci and Ryan (1980) argues that people have an intrinsic need for autonomy, competence, and relatedness. This triad could translate to inspiring aspects such as empowering with knowledge, the joy of gamifying, and a sense of community.

Or if we use some other metaphors such as Johnston et al. (2019) “It takes a village” or the idea of security as a team sport (Yoo et al., 2020) or ‘human-as-solution’(Zimmermann & Renaud, 2019)? We would view humans as valuable actors, and first responders to security threats. This kind of imagery is needed for the empowerment of humans as an integral part of an information security management system.

We invite papers problematizing the negative assumptions and solutions, or even the way of seeing the reality in cyber security as well as privacy research, whether they employ qualitative, quantitative, conceptual, or other research approaches

Interesting topics include (but are not limited to):

  *   Problematizing current imagery of the human role in security and privacy
  *   Intrinsic and extrinsic motivation to improve security and privacy behavior
  *   Community and team approach to improve security and privacy behavior
  *   Gamification in security and privacy
  *   Empowering humans in security and privacy
  *   AI in cybersecurity and privacy

Format: We invite short abstracts (max 500 words) and extended abstracts (max 5000 words) to this paper development workshop. We welcome both papers in the early phase from authors who wish to expose their ideas for discussion and more well-developed manuscripts from authors who wish to present and discuss their arguments before submission to a journal.

All accepted submissions will be shortly presented to the audience (“pitch talks”) and then discussed in roundtable sessions so that more discussion time is allocated to extended abstracts.

Important dates:

Submission deadline: April 30, 2024
Peer feedback deadline: May 21, 2024


On behalf of the workshop organizing committee

Jonna Järveläinen, Associate Professor, University of Jyväskylä and Turku, Finland, jonna.k.jarvelainen at jyu.fi<mailto:jonna.k.jarvelainen at jyu.fi> (primary contact person)

Wael Soliman, Associate Professor, University of Agder, Norway, wael.soliman at uia.no<mailto:wael.soliman at uia.no>

Paolo Spagnoletti, Associate Professor, LUISS, Italy and University of Agder, Norway, pspagnoletti at luiss.it<mailto:pspagnoletti at luiss.it>

Marko Niemimaa, Associate Professor, University of Agder, Norway, marko.niemimaa at uia.no<mailto:marko.niemimaa at uia.no>

João Baptista, Professor, University of Lancaster, UK, j.baptista at lancaster.as.uk<mailto:j.baptista at lancaster.as.uk>

Shuyuan Metcalfe, Associate Professor, Florida State University, USA, smho at fsu.edu<mailto:smho at fsu.edu>



---


---

Dr. Marko Niemimaa

Associate Professor
Information Systems
University of Agder
Tlf: +47 38 14 18 42
email: marko.niemimaa at uia.no
www.uia.no/en<http://www.uia.no/en>
https://www.uia.no/en/kk/profile/markoin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aisnet.org/pipermail/iris_lists.aisnet.org/attachments/20240419/2c453966/attachment-0001.html>

More information about the IRIS mailing list