-------- Original Message -------- Subject: [AISWorld] CFP: AMCIS 2011 Mini-Track on Design Considerations for IT Security and Privacy Management Date: Wed, 22 Dec 2010 18:12:03 -0500 From: John D'Arcy jdarcy1@nd.edu To: aisworld@lists.aisnet.org aisworld@lists.aisnet.org

Call for Papers 17th Americas Conference on Information Systems August 4-7, 2011, Detroit, MI, USA

Track: HUMAN COMPUTER INTERACTION Mini Track Title: DESIGN CONSIDERATIONS FOR IT SECURITY AND PRIVACY MANAGEMENT

DESCRIPTION: The importance of security and privacy management has increased as witnessed by the increasing number of security and privacy breach incidents that organizations have encountered within the last few years. For instance, the website privacyrights.org details nearly two thousand data breaches made public since 2005 that have compromised over a half million personal records. Security and privacy management is especially challenging in that users vary widely in level of motivation, knowledge, and perceptions of threat severity. The decentralized computing environment in which end users exercise some degree of autonomous control over IT resources further complicates security management efforts. To address these complex issues, we solicit research papers on the design and usability of tools and technologies employed for all types of IT security management tasks, including those utilized by both end users and IT administrators.

A fully functional IT environment requires a consolidated and convincing set of privacy and security safeguards in place at various levels: system, user, organizational, and sector. Therefore, design-based research efforts are expected to bring system requirement, user controllable privacy and security, organizational compliance, and legal requirements into better alignment. This minitrack provides a forum for focused discussion and exchange on design considerations for IT security and privacy management. We welcome research papers that explore interesting questions related to the design and usability aspects of IS security and privacy, such as:

·How should organizations design and implement tools and procedures that help IT professionals, business leaders, and policy makers bring system requirements, business strategies, and policies into better alignment?

·How should firms design and implement tools and practices for detection, reporting, investigation of, and recovery from security incidents?

·What is unique about privacy and security management and why should the AIS-SIGHCI community care?

We refer potential authors to papers in recent MIS Quarterly and European Journal of Information Systems special issues on information security (e.g., Abbasi et al. 2010; Zhang et al. 2009) and the IFIP Working Group 8.11/11.13 Dewald Roode Information Security Workshop proceedings for potential ideas. However, the range of acceptable topics and methodological approaches is by no means limited to these studies.

*POTENTIAL TOPICS: Example topics of interest include, but are not limited to, the following:*

**

·Design and usability evaluations of privacy and security enhancing features

·User mental models and behavioral dynamics

·Tools or applications that support security and privacy assurance

·Designs to improve IS security and IT policy compliance

·User interface design for security tools

·Deployment, integration, modification, and maintenance of organizational security solutions

·Design of organizational security controls and procedures

·Information visualization for security analysis

·Integration of security tools with organizational security policies and procedures

·Design of user security and privacy awareness and training modules

REFERENCES: Abbasi, A., Zhang, Z., Zimbra, D., and Chen, H. (2010). Detecting Fake Websites: The Contribution of Statistical Learning Theory. MIS Quarterly 34(3), pp. 435-461.

Zhang, J., Luo, X., Akkaladevi, S., and Ziegelmayer, J. (2009). Improving Multiple-Password Recall: An Empirical Study. European Journal of Information Systems 18(2), pp. 165-176.

SUBMISSION SITE: http://mc.manuscriptcentral.com/amcis2011

IMPORTANT DATES: Deadline for paper submissions: February 17, 2011 Notification of Acceptance: March 24, 2011 Final Copy Due: April 21, 2011

CHAIRS CONTACT INFORMATION: Heng Xu Assistant Professor College of Information Sciences and Technology The Pennsylvania State University Phone: (814) 867-0469 Email: hxu@ist.psu.edu

John D’Arcy Assistant Professor

Department of Management

Mendoza College of Business University of Notre Dame Phone: (574) 631-1735 Email: jdarcy1@nd.edu