Minitrack: Innovative Behavioral IS Security and Privacy Research. This minitrack provides a venue for innovative research that rigorously addresses the risks to information system security and privacy, with a specific focus on individual behaviors within this nomological net. Domains include work related to detecting, mitigating, and preventing both internal and external human threats to organizational security.
Call for Papers
- Call for Papers: Hawaii International Conference on System Sciences-52 (HICSS-52)
- Minitrack: Innovative Behavioral IS Security and Privacy Research
- January 8-11, 2019
- Grand Wailea, Maui
Papers may include theory development, empirical studies (both quantitative and qualitative), case studies, and other high-quality research manuscripts.
Topics include, but are not limited to:
- Creative investigations of actual user security behavior, both positive and negative
- Detecting and mitigating insider threats
- Security policy compliance research - motivations, antecedents, levers of influence
- Analysis of known and unknown modes and vectors of internal and external attack
- SETA (security education, training, and awareness) programs
- Modeling of security and privacy behavioral phenomena and relationships
- Merging methodological topics related to addressing research strategies in IS security
- Translational science perspectives and strategies for IS security research
- Theory development, theory building, and theory testing in information security
- Neurosecurity (NeuroIS) investigations of information security behavior
- Explorations of emerging issues related to the security of the "Internet of Things" (ioT)
This mintrack will provide IS/IT researchers a collaborative forum to share their research approaches. We hope to attract the skills and insights of scholars from a wide set of disciplines, presenting a mix of theoretical and applied papers on threats and mitigation. Areas of research may include the following:
- Research related to insider threats to information security and privacy represent the first and most important thread for the minitrack. Insider threats include activities ranging from non-malicious and non-volitional behaviors (accidents and oversights) to volitional, but not malicious, actions to malicious actions such as theft, fraud, blackmail, sabotage, and embezzlement.
- External vectors of attack by individuals and organizations outside the security perimeter represent the second thread for this minitrack. Specific topics of interest include hacker behaviors, cyber-warfare, identity theft (and electronic deception), and cyber-espionage, including most offensive and defensive methods of prevention, detection, and remediation. Other external parties are motivated to use IT to damage or steal trade secrets, national security information, sensitive account information, or other valuable assets.
- A third thread revolves around security policy compliance, both at the individual and organizational level of analysis. Compliance is not merely a binary concept - it is a continuum. Individuals may minimally comply with formal security and privacy policies and procedures, or they may exhibit extra-role or stewardship behaviors that go above and beyond official compliance. Similarly, individuals may carelessly violate organizational security policies and procedures without malicious intent or they may attempt to cause maximum damage or loss.
- Modeling and theory building in the context of IS security and privacy represents yet another interesting area. Theoretical development in information systems security and privacy research is immature relative to other areas of study in the information systems discipline. This sub-discipline of information systems continues to suffer from a limited theoretical base, restricting our collective ability to properly interpret reality, to apply appropriate methodological approaches, and to substantiate conclusions. Adaptation of theories from applied social psychology and criminology are particularly fertile areas for expanding our knowledge base in this domain. Theories from the disciplines of management, education, and others may also inform our understanding of the phenomena of interest.
- Finally, we have a particular interest in emerging, rigorous research methods for investigating these phenomena. Organizational-level research can be improved, but studies conducted at the individual level, in particular, can benefit from new experimental designs and new data collection methods. Examples include neurophysiological (NeuroIS) methods such as EEG or fMRI, the factorial survey method, and simulations.
- April 15: Paper submission begins.
- June 15 | 11:59 pm HST : Paper submission deadline
- August 17 | 11:59 pm HST : Notification of Acceptance/Rejection
- September 22: Deadline for authors to submit final manuscript for publication
- October 1: Deadline for at least one author of each paper to register for the conference
Authors are invited to submit papers electronically in PDF format. Author Guidelines: http://hicss.hawaii.edu/tracks-and-minitracks/authors/
Proceedings will be published through the HICSS-52 conference proceedings. Selected outstanding manuscripts from this minitrack may be recommended to the editors of the European Journal of Information Systems or to Decision Sciences to be fast-tracked for the review process. The Editors of each journal have approved of this process.
Merrill Warkentin (MSStateU), Allen Johnston (UAlabama), and Tony Vance (TempleU)