WS 02: CIISR – Third International Workshop on Current Information Security and Compliance Issues in Information Systems Research

Workshop description

In a connected world of people, data, and things, enterprises are caught between the need for rapid digital growth, regulatory compliance, and securing their information assets across all stakeholders [1]. Effective compliance and security governance as well as the appropriate implementation of corresponding measures are becoming a central factor for digital responsibility and sustainable security [2].

Nowadays, information security and compliance are approached from a variety of different perspectives in information systems research (ISR). As part of information security management, for instance, it is examined which operational measures may result in desired employee behavior [1, 3]. In the context of cloud computing, for instance, it is examined how compliance with service level agreements can be achieved in hybrid cloud architectures [4]. In the context of business process management, for instance, it is examined how information security and compliance measures in business processes can be ensured sustainably and economically in digitalized and electronic markets [5, 6].

These and many other current aspects of information security and compliance will be addressed at the third International Workshop on Current Information Security and Compliance Issues in Information Systems Research (CIISR 2023). The workshop will take place on September 18, 2023 in conjunction with the 18th International Conference on Wirtschaftsinformatik (WI2023). Based on the main theme of the conference–DIGITAL RESPONSIBILITY–we will discuss current issues regarding the responsible handling of information security and compliance, which are of great importance for ISR in an ever-increasing digitalization.

Workshop topics

We cordially invite authors to submit and present their completed research papers, short papers, or extended abstracts relevant to the workshop topic. We welcome practical contributions, empirical studies, systematic literature analyses, as well as research papers following the design science research paradigm. The topics of interest include, but are not limited to:

  • Information security policy compliance (ISPC)
    • Effectiveness of information security management standards
    • Impact of social learning on ISPC
    • ISPC in cross-organizational contexts 
    • Security Education Training and Awareness (SETA)
    • Handling of data breaches
  • Information security and compliance issues in cloud environments
    • Non-compliance with promised performance levels of cloud services
    • Compliance with service level agreements and qualities of service
  • Ensuring business process compliance/security
    • Business process compliance/security in the context of outsourcing or in consideration of economic/social factors
    • Information security and compliance issues related to process mining
  • Current issues of IT compliance
    • Impact of current IT-related legal regulations (e.g., the General Data Protection Regulation (GDPR), the second PaymentServices Directive (PSD2), and other) on the operations of companies and/or (governmental) institutions.
  • Information security and compliance issues related to the COVID-19 pandemic

Contributions addressing other workshop-relevant topics are also welcome. For the latest information on the CIISR workshop, please visit the official workshop website:

https://ciisr.wiwi.uni-halle.de/

Intended target group: The target group of the CIISR workshop includes academics whose research focus is on current information security and compliance issues, practitioners working in the fields of information security and/or compliance, and all other interested parties. This workshop provides the opportunity for (senior) researchers and practitioners to present their latest research, but also serves as a forum for young scientists and doctoral students to present early or ongoing research results. Interested participants can also register for participation in the workshop without submitting a contribution.

Workshop date

Monday, September 18, 2023, 1:00 to 4:00 p.m.

Submission of Contributions

We welcome submissions to the CIISR workshop on the above-mentioned topics written in English. For this purpose, we offer three submission types:

  1. Completed research papers/completed practical reports: This submission type includes both advanced research with at least partial evaluation and comprehensive practical contributions.
  2. Short papers (research in progress papers/short practical reports): Short papers represent ongoing research or ongoing practical projects. In addition to presenting initial results, these papers should also contain an outlook on further research or on further project progress, including planned future work steps.
  3. Extended abstracts: Extended abstracts present and discuss high-quality results of already published contributions (or dissertations/postdoctoral theses) with relevance to the workshop topic.

Format

In terms of length requirements, we follow the official WI2023 guidelines for long (submission type 1) and short papers (submission types 2 and 3).

When formatting your submissions, please use the official WI2023 templates.

Except for extended abstracts, the submission of contributions must be made in anonymized form, i.e., all information that would allow the authors to be identified must be removed or blinded (e.g., author names, citations of preliminary works, project names). Each submission will be reviewed double-blind. The authors‘ information will be added after the acceptance notification. All accepted contributions will be published in a workshop volume and must be presented and discussed by at least one author during the CIISR workshop.

Deadlines and Dates

Deadline for submissions (extended):15 July 2023 (midnight CET)
Notification of (conditional) acceptance (extended):15 August 2023
Submission of final papers (extended):07 September 2023 (midnight CET)
Workshop date:18 September 2023

Submissions should be made via the conference’s submission system ConfTool (https://www.conftool.com/wi23/). If you encounter any problems with the submission, please contact us immediately. If problems arise shortly before the deadline, you may also submit your paper(s) by email at stephan.kuehnel@wiwi.uni-halle.de (as a very last option).

Registration

Workshop registration is done as part of the conference registration via the ConfTool. The workshop fees are included in the conference fees. All accepted contributions must be presented and discussed by at least one author during the CIISR workshop.

Workshop Schedule


Organizers

Stephan Kühnel

Martin-Luther-Universität Halle-Wittenberg, stephan.kuehnel@wiwi.uni-halle.de

Ilja Nastjuk

Georg-August-Universität Göttingen, ilja.nastjuk@wiwi.uni-goettingen.de

Stefan Sackmann

Martin-Luther-Universität Halle-Wittenberg

Simon Trang

Universität Paderborn, simon.trang@uni-paderborn.de


Program Committee

  • Prof. Dr. Jörn Altmann
  • Prof. Dr. Alfred Benedikt Brendel
  • Prof. Dr. Nadine Guhr
  • Ass. Prof. Dr. Simon Hacks
  • Dr. Kristin Masuch
  • Mohammed Mubarkoot, Ph.D.
  • Prof. Dr. Jana Rhese
  • Prof. Dr. Michael Schulz
  • Michael Seifert, M.Sc. (Sr. Advisor)
  • Dr. Tobias Seyffarth
  • Prof. Dr. Nils Urbach

References

1. Trang, S., Brendel, B.: A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research. Information Systems Frontiers 21, 1265–1284 (2019)

2. Schatz, D., Bashroush, R.: Economic valuation for information security investment: a systematic literature review. Information Systems Frontiers 19, 1205–1228 (2017)

3. Hengstler, S., Kuehnel, S., Masuch, K., Nastjuk, I., Trang, S.: Should i really do that? Using quantile regression to examine the impact of sanctions on information security policy compliance behavior. Computers & Security 133, 103370, DOI: 10.1016/j.cose.2023.103370

4. Seifert, M., Kuehnel, S., Sackmann, S.: Hybrid Clouds Arising from Software as a Service Adoption: Challenges, Solutions, and Future Research Directions. ACM Computing Surveys, Volume 55, Issue 11, Article No.: 228, pp. 1-35, DOI: 10.1145/3570156 (2023)

5. Sackmann, S., Kühnel, S., Seyffarth, T.: Using Business Process Compliance Approaches for Compliance Management with regard to Digitization: Evidence from a Systematic Literature Review. 16th International Conference on Business Process Management (2018)

6. Seyffarth, T., Kuehnel, S.: Maintaining business process compliance despite changes: a decision support approach based on process adaptations. Journal of Decision Systems 31, 305–335 (2022)