The 1st ACM Workshop on
Information Security Governance
November 13, 2009
Hyatt Regency Chicago, Chicago, USA
Held in conjunction with the
16th ACM Conference on Computer and Communications Security (ACM CCS 2009)
Program
Location
Room "Wrigley", Bronze Level of West Tower
- 9:00 - 9:05 Welcome and Opening Remarks
- Michiharu Kudo (IBM Research Tokyo, Japan)
- 9:05 - 10:00 Session 1: Keynote Talk (Chair: Michiharu Kudo)
Information Security Governance Framework and Related Works in Japan
Eijiroh Ohki (Kogakuin University, Japan)
Information Security Governance Framework (Short Paper)
Eijiroh Ohki (Kogakuin University, Japan), Yonosuke Harada (InfoCom Research, Inc., Japan), Shuji Kawaguchi (Mitsubishi Research Institute, Inc., Japan), Tetsuo Shiozaki (Fujitsu Limited, Japan) and Tetsuyuki Kagaya (Hitotsubashi University, Japan)
- 10:00 - 10:30 Break
- 10:30 - 12:15 Session 2: Compliance and Governance (Chair: Pau-chen Cheng)
A method of calculating the cost of reducing the risk exposure of non-compliant process instances
Yurdaer Doganata and Francisco Curbera (IBM TJ Watson Research Center, USA)
Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes
Rudolf Schreiner (ObjectSecurity Ltd., UK) and Ulrich Lang (ObjectSecurity, USA)
Strengthening Employee's Responsibility to Enhance Governance of IT - COBIT RACI Chart Case Study
Christophe Feltus (Public Research Centre Henri Tudor, Luxembourg), Michael Petit (FUNDP, University of Namur, Belgium) and Eric Dubois (CRP Henri Tudor, Luxembourg)
GoCoMM: A Governance and Compliance Maturity Model (Short Paper)
Gabriela Gheorghe (Universita degli Studi di Trento, Italy), Fabio Massacci (The University of Trento, Italy), Stephan Neuhaus (Universita degli Studi di Trento, Italy) and Alexander Pretschner (TU Kaiserslautern and Fraunhofer IESE, Germany)
- 12:15 - 13:45 Lunch
- 13:45 - 15:00 Session 3: Security Risk, Policy and Privacy (Chair: Eijiroh Ohki)
Dynamic Security Policy Learning
Yow Tzu Lim (University of York, UK), Pau-chen Cheng, Pankaj Rohatgi (IBM TJ Watson Research, USA) and John A. Clark (University of York, UK)
A XACML-based privacy-centered access control system
Claudio Agostino Ardagna (Universita' degli Studi di Milano, Italy), Sabrina De Capitani di Vimercati (DTI - Universita' degli Studi di Milano, Italy), Stefano Paraboschi (Universita di Bergamo, Italy), Eros Pedrini and Pierangela Samarati (Universita` degli Studi di Milano, Italy)
Security Risk Management using Internal Controls (Short Paper)
Simon Foley (University College Cork, Ireland)
- 15:00 - 15:30 Break
- 15:30 - 16:45 Session 4: Panel (Moderator: Fabio Massacci)
"How to Make Decisions for Security Governance?"
Panelists
Yurdaer Doganata (IBM TJ Watson Research Center, USA)
Eijiroh Ohki (Kogakuin University, Japan)
Ketil Stolen (SINTEF, University of Oslo, Norway)
CALL FOR PAPERS
Information Security Governance establishes a framework to drive the
implementation of effective information security strategies in organizations,
involving risk management, reporting, and accountability. Recent changes in
the business environment, such as outsourcing, global supply chains, and
cross-organizational collaboration, are forcing users to access and retrieve
business data across organizational boundaries, which is making data
governance in the enterprise intractable. In addition, since emerging IT
infrastructure such as cloud computing calls for storing enormous amounts of
confidential and sensitive information, it is imperative that these data be
handled appropriately according to the governing agreements. These new
disruptive trends will greatly change the notion of information security
governance, calling for more fine-grained, data-centric, and risk-adjusted
governance models together with innovative implementation technologies.
We seek to bring together researchers and practitioners who are working
on the problems and the technology of governance for security, risk
management, and compliance verification. Topics include, but are
not limited to:
- Formal governance models
- Data governance, identity governance and IT governance
- Governance architecture and implementation
- Information provenance, accountability and transparency
- Continuous monitoring and auditing
- Formal audit models
- Maturity models for security governance
- Evidence-based reasoning for governance
- Security risk metrics, quantification and management
- Security incident exchange and evaluation
- Security event monitoring and correlation
- Policy-based compliance verification
- Governance standards
Important Dates
| Paper submissions due: | July 3, 2009, midnight PDT (originally June 26) |
| Acceptance notifications: | August 16, 2009 |
| Camera-ready papers due: | August 25, 2009 |
| Workshop on Information Security Governance: | November 13, 2009 |
Accepted Papers
Full Papers
- Yurdaer Doganata and Francisco Curbera
"A method of calculating the cost of reducing the risk exposure of non-compliant process instances"
- Christophe Feltus, Michael Petit and Eric Dubois
"Strengthening Employee's Responsibility to Enhance Governance of IT -- COBIT RACI Chart Case Study"
- Rudolf Schreiner and Ulrich Lang
"Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes"
- Claudio Agostino Ardagna, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Eros Pedrini and Pierangela Samarati
"A XACML-based privacy-centered access control system"
- Yow Tzu Lim, Pau-chen Cheng, Pankaj Rohatgi and John A. Clark
"Dynamic Security Policy Learning"
Short Papers
- Gabriela Gheorghe, Fabio Massacci, Stephan Neuhaus and Alexander Pretschner
"GoCoMM: A Governance and Compliance Maturity Model"
- Eijiroh Ohki, Yonosuke Harada, Shuji Kawaguchi, Tetsuo Shiozaki and Tetsuyuki Kagaya
"Information Security Governance Framework"
- Simon Foley
"Security Risk Management using Internal Controls"
Student Travel Grant
Please refer to the ACM CCS Conference Web site.
Submission instructions
Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.
Submissions should be at most 15 pages excluding the bibliography and well-marked appendices (using single-column, 11-point font, reasonable margins, and page numbers on each page). Committee members are not required to read the appendices; the paper should be intelligible without them. Submissions are not required to be anonymized.
Papers are to be submitted electronically via the online submission system. The document must be in Acrobat PDF format, and must be legible after printing on standard grayscale printers, both those that use A4 and those that use letter paper. Submissions not meeting these guidelines risk rejection without consideration of their merits.
The authors of accepted papers must guarantee that their paper will be presented at the workshop. Accepted papers will be published by the ACM in the workshop proceedings.
Program Committee
Program Co-chairs
| Sushil Jajodia | George Mason University, USA |
| Michiharu Kudo | IBM Research - Tokyo, Japan |
Program Committee
| Vijay Atluri | Rutgers University, USA |
| Iliano Cervesato | Carnegie Mellon University, Qatar, USA |
| Pau-Chen Cheng | IBM Watson Research, USA |
| Ernesto Damiani | Universita' degli Studi di Milano, Italy |
| Anupam Datta | Carnegie Mellon University, USA |
| Kohkichi Futatsugi | Japan Advanced Institute of Science and Technology, Japan |
| Tomasz Janowski | United Nations University, Macau, China |
| Fabio Massacci | University of Trento, Italy |
| Catherine Meadows | Naval Research Laboratory, USA |
| Eijiroh Ohki | Urbantech University, Japan |
| Eiji Okamoto | University of Tsukuba, Japan |
| Pierangela Samarati | Universita' degli Studi di Milano, Italy |
| Andreas Wespi | IBM Zurich Research, Switzerland |
| Marianne Winslett | University of Illinois at Urbana Champaign, USA |