The 1st ACM Workshop on
Information Security Governance


November 13, 2009
Hyatt Regency Chicago, Chicago, USA

Held in conjunction with the
16th ACM Conference on Computer and Communications Security (ACM CCS 2009)






Program

Location
Room "Wrigley", Bronze Level of West Tower
9:00 - 9:05 Welcome and Opening Remarks
Michiharu Kudo (IBM Research Tokyo, Japan)

9:05 - 10:00 Session 1: Keynote Talk (Chair: Michiharu Kudo)

Information Security Governance Framework and Related Works in Japan
Eijiroh Ohki (Kogakuin University, Japan)

Information Security Governance Framework (Short Paper)
Eijiroh Ohki (Kogakuin University, Japan), Yonosuke Harada (InfoCom Research, Inc., Japan), Shuji Kawaguchi (Mitsubishi Research Institute, Inc., Japan), Tetsuo Shiozaki (Fujitsu Limited, Japan) and Tetsuyuki Kagaya (Hitotsubashi University, Japan)

10:00 - 10:30 Break

10:30 - 12:15 Session 2: Compliance and Governance (Chair: Pau-chen Cheng)

A method of calculating the cost of reducing the risk exposure of non-compliant process instances
Yurdaer Doganata and Francisco Curbera (IBM TJ Watson Research Center, USA)

Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes
Rudolf Schreiner (ObjectSecurity Ltd., UK) and Ulrich Lang (ObjectSecurity, USA)

Strengthening Employee's Responsibility to Enhance Governance of IT - COBIT RACI Chart Case Study
Christophe Feltus (Public Research Centre Henri Tudor, Luxembourg), Michael Petit (FUNDP, University of Namur, Belgium) and Eric Dubois (CRP Henri Tudor, Luxembourg)

GoCoMM: A Governance and Compliance Maturity Model (Short Paper)
Gabriela Gheorghe (Universita degli Studi di Trento, Italy), Fabio Massacci (The University of Trento, Italy), Stephan Neuhaus (Universita degli Studi di Trento, Italy) and Alexander Pretschner (TU Kaiserslautern and Fraunhofer IESE, Germany)

12:15 - 13:45 Lunch

13:45 - 15:00 Session 3: Security Risk, Policy and Privacy (Chair: Eijiroh Ohki)

Dynamic Security Policy Learning
Yow Tzu Lim (University of York, UK), Pau-chen Cheng, Pankaj Rohatgi (IBM TJ Watson Research, USA) and John A. Clark (University of York, UK)

A XACML-based privacy-centered access control system
Claudio Agostino Ardagna (Universita' degli Studi di Milano, Italy), Sabrina De Capitani di Vimercati (DTI - Universita' degli Studi di Milano, Italy), Stefano Paraboschi (Universita' di Bergamo, Italy), Eros Pedrini and Pierangela Samarati (Universita' degli Studi di Milano, Italy)

Security Risk Management using Internal Controls (Short Paper)
Simon Foley (University College Cork, Ireland)

15:00 - 15:30 Break

15:30 - 16:45 Session 4: Panel (Moderator: Fabio Massacci)

"How to Make Decisions for Security Governance?"

Panelists
Yurdaer Doganata (IBM TJ Watson Research Center, USA)
Eijiroh Ohki (Kogakuin University, Japan)
Ketil Stolen (SINTEF, University of Oslo, Norway)

CALL FOR PAPERS

The purpose of Information Security Governance is to establish a framework that drives the implementation of effective information security strategies in organizations, involving risk management, reporting, and accountability. Recent changes in the business environment, such as outsourcing, global supply chains, and cross-organizational collaborations, are forcing users to access and retrieve business data across organizational boundaries. This is making data governance in the enterprise intractable. In addition, since emerging IT infrastructure such as cloud computing calls for storing enormous amounts of confidential and sensitive information, it is imperative that these data be handled appropriately according to the agreements. These new disruptive trends will greatly change the notions of information security governance, calling for more fine-grained, data-centric, and risk-adjusted governance models with innovative implementation technologies.

We seek to bring together researchers and practitioners who are working on the problems and the technology of governance for security, risk management, and compliance verification. Topics include, but are not limited to:

PDF version of CFP is here.

Important Dates

Paper submissions due: July 3, 2009, midnight PDT (originally June 26)
Acceptance notifications: August 16, 2009
Camera-ready papers due: August 25, 2009
Workshop on Information Security Governance: November 13, 2009

Accepted Papers

Full Papers

Short Papers

Student Travel Grant

Please refer to the ACM CCS Conference Web site.

Submission instructions

Paper submission site is here. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions should be at most 15 pages excluding the bibliography and well-marked appendices (using single-column, 11-point font, reasonable margins, and page numbers on each page). Committee members are not required to read the appendices; the paper should be intelligible without them. Submissions are not required to be anonymized. Papers are to be submitted electronically via the online submission system. The document must be in Acrobat PDF format, and must be legible after printing on standard grayscale printers, both those that use A4 and those that use letter paper. Submissions not meeting these guidelines risk rejection without consideration of their merits. The authors of accepted papers must guarantee that their paper will be presented at the workshop. Accepted papers will be published by the ACM in a conference proceedings.

Program Committee

Program Co-chairs

Sushil Jajodia (George Mason University, USA)
Michiharu Kudo (IBM Research - Tokyo, Japan)

Program Committee

Vijay Atluri (Rutgers University, USA)
Iliano Cervesato (Carnegie Mellon University, Qatar, USA)
Pau-Chen Cheng (IBM Watson Research, USA)
Ernesto Damiani (Universita' degli Studi di Milano, Italy)
Anupam Datta (Carnegie Mellon University, USA)
Kohkichi Futatsugi (Japan Advanced Institute of Science and Technology, Japan)
Tomasz Janowski (United Nations University, Macau, China)
Fabio Massacci (University of Trento, Italy)
Catherine Meadows (Naval Research Laboratory, USA)
Eijiroh Ohki (Urbantech University, Japan)
Eiji Okamoto (University of Tsukuba, Japan)
Pierangela Samarati (Universita' degli Studi di Milano, Italy)
Andreas Wespi (IBM Zurich Research, Switzerland)
Marianne Winslett (University of Illinois at Urbana Champaign, USA)

Contact

WISG Web-Site http://ait.gmu.edu/~csis/wisg2009/
WISG E-Mail
ACM CCS 2009 Web-Site http://www.sigsac.org/ccs/CCS2009/