Subject: | [AISWorld] Journal of Information Privacy and Security (JIPS) | Call For Papers & Latest Issue Content - Vol. 10, Issue 1, 2014 |
---|---|
Date: | Mon, 7 Apr 2014 16:25:49 +0000 |
From: | Arslan, Faruk <farslan@utep.edu> |
To: | aisworld@lists.aisnet.org <aisworld@lists.aisnet.org> |
Journal of Information Privacy and Security (JIPS) will be published henceforth by the Taylor and Francis group. We are looking for experienced reviewers and Associate Editors for our journal.
A. Call For Paper:
Journal of Information Privacy and Security (JIPS)
http://jips.utep.edu
Mission
The mission of the Journal of Information
Privacy and Security (JIPS) is to serve both academics and
practitioners as a reliable source on issues of information
privacy and security. The Journal is a high quality refereed
journal that seeks support from academicians, industry experts
and specific government agencies. The JIPS focuses on
publishing articles that address the paradoxical nature of
privacy versus security amidst current global conditions. It
is increasingly important that various constituents of
information begin to understand their role in finding
solutions to achieve a delicate balance between security and
privacy.
The JIPS will facilitate understanding of
the information assurance technical framework as it pertains
to government agencies, companies and individuals. The topics
may include the information privacy and security issues
pertaining to initiatives on counter-terrorism efforts around
the world, the impact of U.S. federal regulation and
compliance issues facing global corporations, the impact of
privacy and security initiatives within small and medium
enterprises (SMEs), and e-gambling.
Article submissions are encouraged from
both academics and practitioners. Each issue will include high
quality articles from academics and practitioners, case
studies, book reviews, and industry interviews. The Journal
addresses issues of privacy and security from a global
perspective and will consider articles with a cross-functional
focus. The Journal will include articles in the following
areas:
- Information Assurance frameworks
- Network security and impact on corporate
infrastructure
- Privacy laws and impact on information
compliance issues
- The duality of privacy and security and
impact on corporate operations
- Governmental regulations and changes on
information security requirements
- Data transfer issues across nations,
states, and corporations
- Privacy and security requirements in B2B
and B2C information flows
- Cross-functional aspects of information
assurance and requirements faced by various business functions
within companies
- Web sites, portals and the issue of trust
- Information privacy and security as it
relates to end-users
- Applications and case studies in privacy
and security issues facing business organizations, government
agencies and individuals
- Emerging topics such as biometrics,
software utilities, and IT obligations and how they change the
business environment
We also welcome suggestions on special
issue covering a relevant topic.
Review Process
Each article will be blind-reviewed by
three members of the editorial review board. Reviewer
recommendation will be considered by the Editor-in-Chief or an
Associate Editor. For a revision and rewrite, a revised paper
will be sent to one of the Editors for final approval. The
final decision will be made by the Editor-in-Chief.
Interested authors should consult the
journal's manuscript submission guidelines at
http://jips.utep.edu
All inquiries and submissions should be
sent to:
Editor-in-Chief: Dr. Kallol Bagchi,
kbagchi@utep.edu
B. Content of Journal of Privacy and Security (JIPS), Vol. 10, Issue 1, 2014.
Editorial. By the Editor-in-chief
Paper 1. A Brief Review of Software
Security History with an Emphasis on Efforts Focused at Early
Stages of the Software Lifecycle By Spyros T. Halkidis,
Alexander Chatzigeorgiou and George Stephanides
Abstract. It was not until 2006 that it was
discovered by Gary McGraw that “Design flaws account for 50
percent of security problems, and architectural risk analysis
plays an essential role in any solid security program”. In
this article, we have qualitatively analyzed the security
patterns presented until 2004 by the OpenGroup Security Forum,
and quantitatively evaluated software systems based on their
design, using fuzzy risk analysis, based on the security
patterns they contain and the STRIDE model of attacks by
Howard and LeBlanc proposed in 2001. Additionally, it has been
noted by Hoglund and McGraw in 2004 that attacks to software
start with the reverse engineering phase of the code, using a
decompiler or a disassembler. A possible solution to this
problem is code obfuscation whose use was proposed in the late
90’s, for example by Collberg et al. in 1997. However, it was
not until 2010, when this technique started to gain attention
because of the book by Collberg and Nagra. We conclude with
this method, which we think is a starting point for future
research. This paper tries to provide a brief review of
Software Security history putting an emphasis on our efforts
to embed security at early stages of the software lifecycle.
Paper 2. Information Security In Higher
Education: A Neo-Institutional Perspective By Hwee-Joo Kam
and Pairin Katerattanakul
Abstract. External pressures could be a
compelling force that drives higher education institutions to
attain information security. Drawing on the Neo-Institutional
Theory, this study examined how three external expectations:
regulative, normative, and cognitive expectations drive the
higher education of the United States to attain information
security. The research findings suggest that, through
regulatory and social normative pressure, cognitive
expectation indirectly promotes information security in higher
education. That is, cognitive expectation or stakeholder’s
perception of higher education determines information security
in higher education by harnessing the coercive force of
regulatory pressure and leveraging the pressure of meeting
social normative expectation.
Paper 3. Privacy Preserving Interest Group
Formation in Online Social Networks (OSNs) using Fully
Homomorphic Encryption By Mohammed Kaosar and Quazi Mamun
Abstract. In Online Social Networks (OSNs),
interest groups are becoming increasingly popular due to the
growth of social networking sites and these groups can serve
various purposes and interests including political,
professional and religious etc. aspects. These interest group
formation procedures involve the disclosure of identities and
interests of the users which can be considered as the
violation of privacy. So far no significant and effective
research has been done to address this issue so that the OSN
users could form groups securely. In this paper, we propose a
cryptography based privacy preserving solution that will allow
users form groups by disclosing neither their identities nor
their interests. Even, users within the group will enjoy the
privacy preserving communication if they want. We also have
shown that, this fully homomorphic encryption based proposed
solution is secure against some possible attacks.
Book Review. In the Book Review section,
the book, “Information Technology Control and Audit”, Fourth
Edition by Sandra Senft, Frederick Gallegos, and Aleksandra
Davis (CRC Press, ISBN: 978-1-4398-9320-3) is reviewed by
Adolfo S. Coronado, Indiana University – Purdue University
Fort Wayne. Dr Coronado observes that this book provides a
complete review of IT governance, controls, auditing
applications, systems development, and operations. The book
examines a comprehensive list of topics in IT security and
auditing and could be a valuable resource for those preparing
for the Certified Information Systems Auditor (CISA) and
Certified in the Governance of Enterprise IT (CGEIT)
certification exams.
Faruk Arslan
Department of Accounting and Information Systems | College of Business | The University of Texas at El Paso
Mobile: 00 1 915 227 4889 | http://business.utep.edu/faculty/profiles/arslan/ | www.linkedin.com/pub/faruk-arslan/6/1a1/913