The 1st ACM Workshop on
Information Security Governance
November 13, 2009
Hyatt Regency Chicago, Chicago, USA
Held in conjunction with the
16th ACM Conference on Computer and Communications Security (ACM CCS 2009)
The paper submission deadline has been extended!
CALL FOR PAPERS
The purpose of Information Security Governance is to establish a framework
that drives the implementation of effective information security strategies
in organizations, involving risk management, reporting, and accountability.
Recent changes in the business environment, such as outsourcing, global
supply chains, and cross-organizational collaborations, are forcing users to
access and retrieve business data across organizational boundaries. This is
making data governance in the enterprise intractable. In addition, since
emerging IT infrastructure such as cloud computing calls for storing enormous
amounts of confidential and sensitive information, it is imperative that
these data be handled appropriately according to the agreements. These new
disruptive trends will greatly change the notions of information security
governance, calling for more fine-grained, data-centric, and risk-adjusted
governance models with innovative implementation technologies.
We seek to bring together researchers and practitioners who are working
on the problems and technology of governance for security, risk
management, and compliance verification. Topics include, but are
not limited to:
- Formal governance models
- Data governance, identity governance and IT governance
- Governance architecture and implementation
- Information provenance, accountability and transparency
- Continuous monitoring and auditing
- Formal audit models
- Maturity models for security governance
- Evidence-based reasoning for governance
- Security risk metrics, quantification and management
- Security incident exchange and evaluation
- Security event monitoring and correlation
- Policy-based compliance verification
- Governance standards
PDF version of CFP is here.
Important Dates
| Paper submissions due: | July 3, 2009, midnight PDT (originally June 26) |
| Acceptance notifications: | August 16, 2009 |
| Camera-ready papers due: | August 25, 2009 |
| Workshop on Information Security Governance: | November 13, 2009 |
Accepted Papers
Full Papers
- Yurdaer Doganata and Francisco Curbera
"A method of calculating the cost of reducing the risk exposure of non-compliant process instances"
- Christophe Feltus, Michael Petit and Eric Dubois
"Strengthening Employee's Responsibility to Enhance Governance of IT -- COBIT RACI Chart Case Study"
- Rudolf Schreiner and Ulrich Lang
"Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes"
- Claudio Agostino Ardagna, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Eros Pedrini and Pierangela Samarati
"A XACML-based privacy-centered access control system"
- Yow Tzu Lim, Pauchen Cheng, Pankaj Rohatgi and John A. Clark
"Dynamic Security Policy Learning"
Short Papers
- Gabriela Gheorghe, Fabio Massacci, Stephan Neuhaus and Alexander Pretschner
"GoCoMM: A Governance and Compliance Maturity Model"
- Eijiroh Ohki, Yonosuke Harada, Shuji Kawaguchi, Tetsuo Shiozaki and Tetsuyuki Kagaya
"Information Security Governance Framework"
- Simon Foley
"Security Risk Management using Internal Controls"
Program
TBD.
Submission instructions
Paper submission site is here. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings.
Submissions should be at most 15 pages excluding the bibliography and well-marked appendices (using single-column, 11-point font, reasonable margins, and page numbers on each page). Committee members are not required to read the appendices; the paper should be intelligible without them. Submissions are not required to be anonymized.
Papers are to be submitted electronically via the online submission system. The document must be in Acrobat PDF format, and must be legible after printing on standard grayscale printers, both those that use A4 and those that use letter paper. Submissions not meeting these guidelines risk rejection without consideration of their merits.
The authors of accepted papers must guarantee that their paper will be presented at the workshop. Accepted papers will be published by the ACM in a conference proceedings.
Program Committee
Program Co-chairs
| Sushil Jajodia | George Mason University, USA |
| Michiharu Kudo | IBM Tokyo Research, Japan |
Program Committee
| Vijay Atluri | Rutgers University, USA |
| Iliano Cervesato | Carnegie Mellon University, Qatar, USA |
| Pau-Chen Cheng | IBM Watson Research, USA |
| Ernesto Damiani | Universita' degli Studi di Milano, Italy |
| Anupam Datta | Carnegie Mellon University, USA |
| Kohkichi Futatsugi | Japan Advanced Institute of Science and Technology, Japan |
| Tomasz Janowski | United Nations University, Macau, China |
| Fabio Massacci | University of Trento, Italy |
| Catherine Meadows | Naval Research Laboratory, USA |
| Eijiroh Ohki | Urbantech University, Japan |
| Eiji Okamoto | University of Tsukuba, Japan |
| Pierangela Samarati | Universita' degli Studi di Milano, Italy |
| Andreas Wespi | IBM Zurich Research, Switzerland |
| Marianne Winslett | University of Illinois at Urbana Champaign, USA |