Information Systems Security, Assurance, and Privacy (SIGSEC)


Track Chairs:

David Biros, Oklahoma State University

Mark Weiser, Oklahoma State University

Track Description:

Information Systems Security, Assurance, and Privacy issues have led to significant challenges for individuals, small and large firms, federal and state agencies and policy makers.  The growth of spurious activity on the Internet and toward related technologies is matched by a responsive growth in cyber security and digital forensic activities.

While there is an abundance of practices and techniques for employing cyber security and digital forensics, there are still many challenges, especially in the areas of underlying theory and rigorously tested methodologies. Sponsored by SIGSEC, this track provides a forum for focused discussion and exchange on cyber security and privacy issues. We seek to address important issues arising from emerging developments in information security, such as: the influence of risk and system security controls on decision making; how system defenders share information to mitigate vulnerabilities and exploits; the role of digital forensics in combating cyber security offenses; how online social networks threaten the security and privacy of participants; the underlying economics or cultural implications of new security technologies; the effectiveness of government-sponsored initiatives; and how regulations and policies influence employee security behaviors and organizational security postures. The track welcomes both empirical and theoretical submissions.

Minitracks:

Emerging Issues in Information Security

Humayun Zafar, Kennesaw State University

Herbert J Mattord, Kennesaw State University

The Internet was once considered separate from the world of reality, where virtual was separate from physical and there was a clear delineation between the activities in cyberspace and those that were carried out in the “real” world of brick and mortar enterprises. Now, organizations are leveraging the vast resources that are available through the Internet, the World Wide Web and other network-enabled technologies to find and stay connected to customers.

Concurrent with the marriage between cyberspace and the brick and mortar world, telephony and information technologies are converging. The advent of smartphones means that a single device can make calls, send emails, browse the web, review documents, and even pay the tab at a Starbucks. This has resulted in a greater need for access to personal information databases, which has allowed data protection issues to take center stage. Holding personal information without adequate safeguards may lead to a disaster. Incidents have shown that organizations lose goodwill, to the point of bankruptcy, for having failed to address information systems security, assurance, and privacy issues.

This mini-track will address emerging issues and trends in information systems security, assurance, and privacy.

Information Privacy

Babita Gupta, California State University - Monterey Bay

Organizations are deploying a wide range of applications to gather ever more data about their customers from various digital channels. They use these data to enhance the online experience for consumers and maximize profitability. These business practices can also result in misuse of data and raise many information security and privacy issues. The proliferation of social networks along with ubiquitous wireless devices has made data sharing boundaries for the enterprise less defined and more porous, creating vulnerabilities for the organization. These concerns are magnified as organizations rely on global networks to do business with companies in other countries, and there are no universal laws that adequately protect privacy.

This mini-track provides a forum for focused discussion on information security and privacy models, based on sound theoretical frameworks, that allow organizations to ensure that users are able to engage in secure data exchange using the various digital communication channels.

Information Security Management in a Hyperconnected World

Deniz Tuncalp, Istanbul Technical University

Jae Choi, Pittsburg State University

Information Security Management (ISM) presents a challenging task for individuals, firms and organizations of any size. As hyperconnectivity phenomena grow, we are increasingly reliant on distributed and online systems, where identifying, evaluating, controlling and managing risks imposed on information assets and respective security controls are becoming more and more problematic. Vulnerability of information assets, respective threat profiles and incident probabilities are now dynamically intertwined, making information security management an unprecedentedly complex practice.

While there is an abundance of practices and techniques for information security management, there are still many areas of improvement, especially in the underlying theory and rigorously tested methodologies. This minitrack provides a forum for scholars to discuss and reflect on areas of information security management.

Insider Threats: IT Abuse, Misuse and Crime

David Green, Governors State University

This minitrack encourages research that examines IT abuse, misuse, and criminal activity by insiders. Employees and other insiders may have intimate knowledge of an organization’s systems, networks, and data and have the potential to pose a significant threat through intentional or unintentional behavior. Research may focus on specific areas related to insider behavior/misbehavior, motivation, and controls as well as counterproductive or unethical use of information systems. Interdisciplinary research in areas such as industrial and organizational psychology, management, information systems, and information security is also encouraged.

Mobile Device Security

Mark A. Harris, University of South Carolina

Mobile devices, including smartphones and tablets, enable users to access corporate data from anywhere.  By 2013, 50% of the workforce in medium to large organizations will use smartphones and 25% will use tablets (Osterman Research, 2012).  However, security of these devices is a major concern to organizations.  The two leading operating systems, Google’s Android OS and Apple’s iOS, both have security concerns, as well as the application markets and the applications within (Statcounter, 2012; Greenburg, 2012; Barrera, 2011).  Bring your own device (BYOD), where employees supply their own equipment for work purposes, can be cost cutting for organizations, but failing to address security can significantly add to those costs (Osterman Research, 2012).  Finding the proper mix of security and personal freedom with such devices is something all organizations must face.

Security Issues in Health Information Technology

Constance C Mussa, City University of New York, Brooklyn College

Barbara Hewitt, Texas A & M University - San Antonio

Commensurate with the 2001 Report and Recommendations from the National Committee on Vital and Health Statistics (NCVHS) regarding the development of a national health information infrastructure, many health care organizations have begun to utilize information technology to alleviate the growing problem of information management. To this end, computerized information systems are being implemented in many health care organizations to capture, manipulate, present, and transform data into useful information. This trend has gained momentum following the goal set in 2004 by President George W. Bush to create an electronic health record for every American by the year 2014. The allocation of 2 billion dollars to the Office of the National Coordinator for Health Information Technology in Title XIII of the American Recovery and Reinvestment Act, signed into law by President Obama on February 17, 2009, underscores the Federal Government’s sustained commitment to the “development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of information.”

While automated information management and processing enhances health care delivery by reducing medication errors through alerts and reminders, enabling faster access to medical records, and reducing duplication of tests, the security of electronic medical records (EMRs) remains questionable. To ensure the confidentiality, integrity, and availability of information and to ensure compliance with the privacy and security standards of the Health Insurance Portability and Accountability Act (HIPAA), health care organizations have implemented a number of security controls. Although the objectives of these controls are understood and acknowledged by users of EMR systems, the controls are sometimes circumvented or ignored. Ensuring the privacy and security of electronic health information is an important non-clinical objective that EMR systems must meet to achieve Stage 1 Meaningful Use as defined by the Centers for Medicare & Medicaid Services (CMS).

Socio-Technical Dimensions in IS Security

Raj Sharman, State University of New York at Buffalo

Gurpreet Dhillon, Virginia Commonwealth University

H. R. Rao, SUNY Buffalo

Over the past few years, awareness of IS security problems has been at an all-time high. There has been a nearly 28% growth, year on year, in IS security spending. At the same time, security breaches are costing companies, on average, nearly $15 billion per year. Researchers have indicated that one of the reasons for our inability to contain IS security breaches is the skewed emphasis on technical controls. In the literature, calls have also been made to study the socio-organizational aspects of IS security. It therefore seems prudent to focus attention on socio-technical aspects of IS security. Further, important security issues also include economic aspects that deal with loss of productivity relating to additional processes that now form part of the value chain. The ramifications of security implementations suggest that information systems should deal with broader issues that are socio-technical and economic as well.

Papers submitted to this track will address issues identified in previous research and set the stage for establishing an agenda for further research. The discussions afforded by this track will also be the basis for sustaining a comprehensive research stream in this area and usher in new ways and dimensions of dealing with security.