The 1st ACM Workshop on
Information Security Governance
November 13, 2009
Hyatt Regency Chicago, Chicago, USA
Held in conjunction with the
16th ACM Conference on Computer and Communications Security (ACM CCS 2009)
The paper submission deadline has been extended!
CALL FOR PAPERS
Information security governance establishes a framework to drive the
implementation of effective information security strategies in organizations,
involving risk management, reporting, and accountability. Recent changes in
the business environment, such as outsourcing, global supply chains, and
cross-organizational collaborations, are forcing users to access and retrieve
business data across organizational boundaries. This is making data
governance in the enterprise intractable. In addition, since emerging IT
infrastructure such as cloud computing calls for storing enormous amounts of
confidential and sensitive information, it is imperative that these data
be handled appropriately according to the agreements. These new
disruptive trends will greatly change the notions of information
security governance, calling for more fine-grained, data-centric, and
risk-adjusted governance models with innovative implementation.
We seek to bring together researchers and practitioners who are working
on the problems and the technology of governance for security, risk
management, and compliance verification. Topics include, but are
not limited to:
- Formal governance models
- Data governance, identity governance and IT governance
- Governance architecture and implementation
- Information provenance, accountability and transparency
- Continuous monitoring and auditing
- Formal audit models
- Maturity models for security governance
- Evidence-based reasoning for governance
- Security risk metrics, quantification and management
- Security incident exchange and evaluation
- Security event monitoring and correlation
- Policy-based compliance verification
- Governance standards
A PDF version of the CFP is here.
Paper submissions due: July 3, 2009, midnight PDT (originally June 26)
August 16, 2009
Camera-ready papers due: August 25, 2009
Workshop on Information Security Governance: November 13, 2009
- Yurdaer Doganata and Francisco Curbera
"A method of calculating the cost of reducing the risk exposure of non-compliant process instances"
- Christophe Feltus, Michael Petit and Eric Dubois
"Strengthening Employee's Responsibility to Enhance Governance of IT -- COBIT RACI Chart Case Study"
- Rudolf Schreiner and Ulrich Lang
"Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes"
- Claudio Agostino Ardagna, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Eros Pedrini and Pierangela Samarati
"A XACML-based privacy-centered access control system"
- Yow Tzu Lim, Pauchen Cheng, Pankaj Rohatgi and John A. Clark
"Dynamic Security Policy Learning"
- Gabriela Gheorghe, Fabio Massacci, Stephan Neuhaus and Alexander Pretschner
"GoCoMM: A Governance and Compliance Maturity Model"
- Eijiroh Ohki, Yonosuke Harada, Shuji Kawaguchi, Tetsuo Shiozaki and Tetsuyuki Kagaya
"Information Security Governance Framework"
- Simon Foley
"Security Risk Management using Internal Controls"
The paper submission site is here. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.
Submissions should be at most 15 pages excluding the bibliography and well-marked appendices (using single-column, 11-point font, reasonable margins, and page numbers on each page). Committee members are not required to read the appendices; the paper should be intelligible without them. Submissions are not required to be anonymized.
Papers are to be submitted electronically via the online submission system. The document must be in Acrobat PDF format, and must be legible after printing on standard grayscale printers, both those that use A4 and those that use letter paper. Submissions not meeting these guidelines risk rejection without consideration of their merits.
The authors of accepted papers must guarantee that their paper will be presented at the workshop. Accepted papers will be published by the ACM in a conference proceedings.
||George Mason University, USA
||IBM Tokyo Research, Japan
||Rutgers University, USA
||Carnegie Mellon University, Qatar, USA
||IBM Watson Research, USA
||Universita' degli Studi di Milano, Italy
||Carnegie Mellon University, USA
||Japan Advanced Institute of Science and Technology, Japan
||United Nations University, Macau, China
||University of Trento, Italy
||Naval Research Laboratory, USA
||Urbantech University, Japan
||University of Tsukuba, Japan
||Universita' degli Studi di Milano, Italy
||IBM Zurich Research, Switzerland
||University of Illinois at Urbana Champaign, USA