Security and Privacy of Information and IS

In today’s era of globally connected organizations, economies, and societies, the ubiquitous growth of the Internet and significant advances in communications, networking and data gathering and storage technologies have exacerbated the vulnerability of personal and organizational information systems. The extent, frequency, seriousness, and diversity of external attacks to computer systems are unprecedented. Meanwhile, internal attacks and abuse of propriety information assets account for at least half of the serious security and privacy incidents worldwide. Additionally, the personal data gathered and stored by companies is ever more frequently used for profiling and analysis, often without the knowledge or consent of the individuals or groups. Mobile computing with location-aware capabilities has further exacerbated these concerns. It is thus imperative to better understand the laws, policies, strategies, technologies, and actions by societies, organizations, groups, and individuals that address security and privacy issues. 

Accordingly, this track provides a forum for focused discussion and exchange on IS and information security and privacy research. We seek to address important questions arising from the latest developments of ICT, such as: How do online social networks or virtual worlds threaten the security and privacy of the individual participants? What are the underlying economics or societal implications of new security technologies? What are the social and ethical implications related to the uses of new security and privacy practices? How should governments get involved in the process of creating a more secure environment and in safeguarding information privacy? What are the benefits, costs, and implications of the latest security and privacy enhancing technologies? How should firms manage their businesses in view of possible security and privacy breaches? How should firms design and implement "best" security and privacy practices in their IT systems? 

The track welcomes design science, empirical, economic, managerial, behavioral, and theoretical submissions across a diverse range of topics—from technical aspects to broader social and managerial issues at the individual, organizational, or societal levels. We invite theoretical perspectives from behavioral, organizational, cognitive, cultural, socio-technical, or other lenses for analysis of these issues. 

Topics include, but are not limited to, the following aspects of IS security and privacy:

  • Adoption, use, and continuance of info security technologies and policies
  • Computer abuse and employee deviant behaviors
  • Corporate governance of security and privacy
  • Cross-cultural issues in IS security and privacy
  • Deception and deception intention in the context of online trust and security
  • Design and development of security and privacy protection systems
  • Deterrence of security policy violations
  • Digital forensics
  • Economics of information security and privacy
  • Electronic commerce security and privacy
  • Electronic voting
  • Employee accountability
  • Employee security policy compliance and noncompliance
  • Forensic analysis of security breaches and computer crimes
  • Hacking and cracking, white hat and black hat research issues
  • Investigations of computer crime and security violations
  • IT audit and controls
  • Identity theft and risk assessment
  • Individual motivators and inhibitors of employee computer crime
  • Insider threat behaviors and antecedents
  • Intrusion detection/prevention
  • Legal, societal, and ethical issues in information systems security
  • Reliability of cyber infrastructure
  • Risk analysis and management, risk and fraud assessment
  • Secure software development
  • Security and privacy concerning social media and social networking
  • Security and privacy metrics
  • Security and privacy of mobile devices
  • Security and privacy strategies
  • Security, Education, Training, and Awareness (SETA) programs and campaigns
  • Social and business security and privacy policies
  • Socio-technical mechanisms for countering cyber threats
  • Spyware / malware
  • Theoretical & empirical analyses of information security behaviors
  • Trust in security and privacy enhancing systems

Track Chairs

Merrill Warkentin (Mississippi State University)
Robert Willison (Newcastle University)
Paul Benjamin Lowry (City University of Hong Kong)

Associate Editors

  • Alessandro Acquisti, Carnegie Mellon University, USA
  • Manish Agrawal, University of South Florida, USA
  • Corey Angst, University of Notre Dame, USA
  • Jeff Babb, Texas A&M Western University, USA
  • Hasan Cavusoglu, University of British Columbia, Canada
  • Pei-yu Chen, Temple University, USA
  • Rob Crossler, Mississippi State University, USA
  • John D'Arcy, University of Delaware, USA
  • Neil Doherty, Loughborough University, UK
  • Sigi Goode, Australian National University, Australia
  • Teju Herath, Brock University, Canada
  • Tabitha James, Virginia Tech University, USA
  • Allen Johnston, University of Alabama at Birmingham, USA
  • Karthik Kannan, Purdue University, USA
  • Mark Keith, Brigham Young University, USA
  • Xin "Robert" Luo, University of New Mexico, USA
  • Clay Posey, University of Alabama, USA
  • Sam Ransbotham, Boston College, USA
  • Benjamin Shao, Arizona State University, USA
  • Jeanine Spears, DePaul University, USA
  • Paul Steinbart, Arizona State University, USA
  • Tony Vance, Brigham Young University, USA
  • Mark Weiser, Oklahoma State University, USA
  • Heng Xu, Penn State University, USA
  • Wei Thoo Yue, City University of Hong Kong, Hong Kong