Track Chairs:

David Biros, Oklahoma State University
Mark Weiser, Oklahoma State University

Track Description:

Information Systems Security, Assurance, and Privacy issues have led to significant challenges for individuals, small and large firms, federal and state agencies and policy makers. The growth of spurious activity on the Internet and toward related technologies is matched by a responsive growth in cyber security and digital forensic activities.

While there is an abundance of practices and techniques for employing cyber security and digital forensics, there are still many challenges, especially in the areas of underlying theory and rigorously tested methodologies. Sponsored by SIGSEC, this track provides a forum for focused discussion and exchange on cyber security and privacy issues. We seek to address important issues arising from emerging developments in information security, such as: the influence of risk and system security controls on decision making; how system defenders share information to mitigate vulnerabilities and exploits; the role of digital forensics in combating cyber security offenses; how online social networks threaten the security and privacy of participants; the underlying economics or cultural implications of new security technologies; the effectiveness of government-sponsored initiatives; and how regulations and policies influence employee security behaviors and organizational security postures. The track welcomes both empirical and theoretical submissions.


Mini-Tracks:


Insider Threats: IT Abuse, Misuse and Crime

David Green, Governors State University

This minitrack encourages research that examines IT abuse, misuse, and criminal activity by insiders. Employees and other insiders may have intimate knowledge of an organization’s systems, networks, and data and have the potential to pose a significant threat through intentional or unintentional behavior. Research may focus on specific areas related to insider behavior/misbehavior, motivation, and controls as well as counterproductive or unethical use of information systems. Interdisciplinary research in areas such as industrial and organizational psychology, management, information systems, and information security is also encouraged.


Mobile Device Security

Mark Harris, University of South Carolina

Mobile devices, including smartphones and tablets, enable users to access corporate data from anywhere. By 2013, 50% of the workforce in medium to large organizations will use smartphones and 25% will use tablets (Osterman Research, 2012). However, the security of these devices is a major concern to organizations. The two leading operating systems, Google’s Android OS and Apple’s iOS, both raise security concerns, as do the application markets and the applications within them (Statcounter, 2012; Greenburg, 2012; Barrera, 2011). Bring your own device (BYOD), where employees supply their own equipment for work purposes, can cut costs for organizations, but failing to address security can significantly add to those costs (Osterman Research, 2012). Finding the proper mix of security and personal freedom with such devices is something all organizations must face.


Emerging Issues in Information Security

Humayun Zafar, Kennesaw State University

The Internet was once considered separate from the world of reality: the virtual was separate from the physical, and there was a clear delineation between the activities in cyberspace and those that were carried out in the “real” world of brick and mortar enterprises. Now, organizations are leveraging the vast resources that are available through the Internet, the World Wide Web and other network-enabled technologies to find and stay connected to customers.

Concurrent with the marriage between cyberspace and the brick and mortar world, telephony and information technologies are converging. The advent of smartphones means that a single device can make calls, send emails, browse the web, review documents, and even pay the tab at a Starbucks. This has resulted in a greater need for access to personal information databases, which has allowed data protection issues to take center stage. Holding personal information without adequate safeguards may lead to a disaster. Incidents have shown that organizations lose goodwill, to the point of bankruptcy, for having failed to address information systems security, assurance, and privacy issues.


Information Security Management Systems

Fernando Parra, University of Texas at El Paso

Businesses all around the globe are increasingly concerned with the risks that exist today given the advent of new technologies that are dependent on an interconnected cyberspace. The possibility that events will interfere with the achievement of a firm’s objectives demands appropriate risk management, which encompasses the assessment of financial and operational exposure, data integrity and the development of containment strategies. Information Security Management Systems (ISMS) aim to provide an organization with a coherent set of policies, processes and systems to manage information asset risks, ensuring acceptable levels of information security risk. International standards have been established by both the security and the auditing community to provide guidance to organizations in establishing sound frameworks. Globalization, increased environmental risks and economic consequences merit further scholarly attention to phenomena surrounding Information Security Management Systems.

This mini-track will address current and emerging issues and trends in information systems security, assurance, and privacy.