WS 02: CIISR – Third International Workshop on Current Information Security and Compliance Issues in Information Systems Research
Workshop Description
In a connected world of people, data, and things, enterprises are caught between the need for rapid digital growth, regulatory compliance, and securing their information assets across all stakeholders [1]. Effective compliance and security governance as well as the appropriate implementation of corresponding measures are becoming a central factor for digital responsibility and sustainable security [2].
Nowadays, information security and compliance are approached from a variety of perspectives in information systems research (ISR). In information security management, for instance, it is examined which operational measures may result in desired employee behavior [1, 3]. In the context of cloud computing, it is examined how compliance with service level agreements can be achieved in hybrid cloud architectures [4]. In the context of business process management, it is examined how information security and compliance measures in business processes can be ensured sustainably and economically in digitalized and electronic markets [5, 6].
These and many other current aspects of information security and compliance will be addressed at the third International Workshop on Current Information Security and Compliance Issues in Information Systems Research (CIISR 2023). The workshop will take place on September 18, 2023 in conjunction with the 18th International Conference on Wirtschaftsinformatik (WI2023). Based on the main theme of the conference–DIGITAL RESPONSIBILITY–we will discuss current issues regarding the responsible handling of information security and compliance, which are of great importance for ISR in an ever-increasing digitalization.
Workshop Topics
We cordially invite authors to submit and present their completed research papers, short papers, or extended abstracts relevant to the workshop topic. We welcome practical contributions, empirical studies, systematic literature analyses, as well as research papers following the design science research paradigm. The topics of interest include, but are not limited to:
- Information security policy compliance (ISPC)
- Effectiveness of information security management standards
- Impact of social learning on ISPC
- ISPC in cross-organizational contexts
- Security Education Training and Awareness (SETA)
- Handling of data breaches
- Information security and compliance issues in cloud environments
- Non-compliance with promised performance levels of cloud services
- Compliance with service level agreements and qualities of service
- Ensuring business process compliance/security
- Business process compliance/security in the context of outsourcing or in consideration of economic/social factors
- Information security and compliance issues related to process mining
- Current issues of IT compliance
- Impact of current IT-related legal regulations (e.g., the General Data Protection Regulation (GDPR), the second Payment Services Directive (PSD2), and others) on the operations of companies and/or (governmental) institutions
- Information security and compliance issues related to the COVID-19 pandemic
Contributions addressing other workshop-relevant topics are also welcome. For the latest information on the CIISR workshop, please visit the official workshop website:
Intended target group: The target group of the CIISR workshop includes academics whose research focus is on current information security and compliance issues, practitioners working in the fields of information security and/or compliance, and all other interested parties. This workshop provides the opportunity for (senior) researchers and practitioners to present their latest research, but also serves as a forum for young scientists and doctoral students to present early or ongoing research results. Interested participants can also register for participation in the workshop without submitting a contribution.
Workshop Date
Monday, 18 September 2023, from 13:00 to 16:00
Submission of Contributions
We welcome submissions to the CIISR workshop on the above-mentioned topics written in English. For this purpose, we offer three submission types:
- Completed research papers/completed practical reports: This submission type includes both advanced research with at least partial evaluation and comprehensive practical contributions.
- Short papers (research in progress papers/short practical reports): Short papers represent ongoing research or ongoing practical projects. In addition to presenting initial results, these papers should also contain an outlook on further research or on further project progress, including planned future work steps.
- Extended abstracts: Extended abstracts present and discuss high-quality results of already published contributions (or dissertations/postdoctoral theses) with relevance to the workshop topic.
Format
In terms of length requirements, we follow the official WI2023 guidelines for long (submission type 1) and short papers (submission types 2 and 3).
When formatting your submissions, please use the official WI2023 templates.
Except for extended abstracts, the submission of contributions must be made in anonymized form, i.e., all information that would allow the authors to be identified must be removed or blinded (e.g., author names, citations of preliminary works, project names). Each submission will be reviewed double-blind. The authors' information will be added after the acceptance notification. All accepted contributions will be published in a workshop volume and must be presented and discussed by at least one author during the CIISR workshop.
Deadlines and Dates
| Milestone | Date |
| --- | --- |
| Deadline for submissions (extended) | 15 July 2023 (midnight CET) |
| Notification of (conditional) acceptance (extended) | 15 August 2023 |
| Submission of final papers (extended) | 07 September 2023 (midnight CET) |
| Workshop date | 18 September 2023 |
Submissions should be made via the conference’s submission system ConfTool (https://www.conftool.com/wi23/). If you encounter any problems with the submission, please contact us immediately. If problems arise shortly before the deadline, you may also submit your paper(s) by email at stephan.kuehnel@wiwi.uni-halle.de (as a very last option).
Registration
Workshop registration is done as part of the conference registration via the ConfTool. The workshop fees are included in the conference fees. All accepted contributions must be presented and discussed by at least one author during the CIISR workshop.
Workshop Schedule
- Kick-off (13:00 – 13:05)
- Full Papers (13:05 – 15:15)
  - Full Paper 1: Sellami, Mahdi; Bueno Momčilović, Tomas; Kuhn, Peter; Balta, Dian: Interaction Patterns for Regulatory Compliance in Federated Learning
  - Full Paper 2: Hillmann, Felix; Klauenberg, Tim; Schroeder, Lennart; Diesterhöft, Till Ole: A User-centric View on Data Breach Response Expectations
  - Full Paper 3: Nake, Leonard: Integrating IT Security Aspects into Business Process Models: A Taxonomy of BPMN Extensions
  - Full Paper 4: Böhmer, Martin: From Pixels to Generalization: Ensuring Information Security and Model Performance with Design Principles for Synthetic Image Data in Deep Learning
- Short Papers and Extended Abstracts – Poster Session (15:15 – 15:55)
  - Short Paper 1: Klymenko, Alexandra; Meisenbacher, Stephen; Messmer, Florian; Matthes, Florian: Privacy-Enhancing Technologies in the Process of Data Privacy Compliance: An Educational Perspective
  - Short Paper 2: Pfaff, Theresa: Nudging Towards Compliance? Assessing the Impact of Nudging Strategies on Information Security Policy Adherence
  - Short Paper 3: Hövel, Gilbert Georg; Matschak, Tizian: How to Foster Compliance in Non-Integrated IT-Landscapes? The Case of Manual Medical Data Transfers
  - Extended Abstract 1: Klymenko, Alexandra; Meisenbacher, Stephen; Matthes, Florian: The Structure of Data Privacy Compliance
- Closing (15:55 – 16:00)
- Voluntary Networking (16:00 – 16:30)
Organizers
Stephan Kühnel
Martin-Luther-Universität Halle-Wittenberg, stephan.kuehnel@wiwi.uni-halle.de
Ilja Nastjuk
Georg-August-Universität Göttingen, ilja.nastjuk@wiwi.uni-goettingen.de
Stefan Sackmann
Martin-Luther-Universität Halle-Wittenberg
Simon Trang
Universität Paderborn, simon.trang@uni-paderborn.de
Program Committee
- Prof. Dr. Jörn Altmann
- Prof. Dr. Alfred Benedikt Brendel
- Prof. Dr. Nadine Guhr
- Ass. Prof. Dr. Simon Hacks
- Dr. Kristin Masuch
- Mohammed Mubarkoot, Ph.D.
- Prof. Dr. Jana Rhese
- Prof. Dr. Michael Schulz
- Michael Seifert, M.Sc. (Sr. Advisor)
- Dr. Tobias Seyffarth
- Prof. Dr. Nils Urbach
References
1. Trang, S., Brendel, B.: A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research. Information Systems Frontiers 21, 1265–1284 (2019)
2. Schatz, D., Bashroush, R.: Economic valuation for information security investment: a systematic literature review. Information Systems Frontiers 19, 1205–1228 (2017)
3. Hengstler, S., Kuehnel, S., Masuch, K., Nastjuk, I., Trang, S.: Should i really do that? Using quantile regression to examine the impact of sanctions on information security policy compliance behavior. Computers & Security 133, 103370, DOI: 10.1016/j.cose.2023.103370
4. Seifert, M., Kuehnel, S., Sackmann, S.: Hybrid Clouds Arising from Software as a Service Adoption: Challenges, Solutions, and Future Research Directions. ACM Computing Surveys, Volume 55, Issue 11, Article No.: 228, pp. 1-35, DOI: 10.1145/3570156 (2023)
5. Sackmann, S., Kühnel, S., Seyffarth, T.: Using Business Process Compliance Approaches for Compliance Management with regard to Digitization: Evidence from a Systematic Literature Review. 16th International Conference on Business Process Management (2018)
6. Seyffarth, T., Kuehnel, S.: Maintaining business process compliance despite changes: a decision support approach based on process adaptations. Journal of Decision Systems 31, 305–335 (2022)