
Secure Coding mailing list archives

CFP: Workshop on Risk Perception in IT Security and Privacy at SOUPS
From: Larry Koved <koved () us ibm com>
Date: Mon, 20 May 2013 09:44:39 -0400

Short position statements due next Thursday, May 30


Workshop on Risk Perception in IT Security and Privacy

A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/

For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html

This workshop is an opportunity to bring together researchers and 
practitioners to share experiences, concerns and ideas about how to 
address the gap between user perception of IT risks and security / 
organizational requirements for security and privacy.

Important Dates:
Submission Deadline: May 30, 2013, 5pm PDT
Notification Deadline: June 10, 2013 5pm PDT
Anonymization: Papers are NOT to be anonymized
Length: 1-2 page position statements



SCOPE AND FOCUS
Willingness to perform actions for security purposes is strongly 
determined by the costs and perceived benefit to the individual. When 
end-users' perceptions of risk are not aligned with organization or 
system, there is a mismatch in perceived benefit, leading to poor user 
acceptance of the technology.

For example, organizations face complex decisions when pushing valuable 
information across the network to mobile devices, web clients, automobiles 
and other embedded systems. This may impose burdensome security decisions 
on employees and clients due to the risks of devices being lost or stolen, 
shoulder surfing, eavesdropping, etc. Effective risk communication can 
provide a shared understanding of the need for, and benefits of secure 
approaches and practices.

While risk perception has been studied in non-IT contexts, how well people 
perceive and react to IT risk is less well understood. How systems measure 
IT risk, how it is best communicated to users, and how to best align these 
often misaligned perspectives is poorly understood. Risk taking decisions 
(policies) are increasingly being pushed out to users who are frequently 
ill prepared to make complex technical security decisions based on limited 
information about the consequences of their actions.

In other risk domains we know that non-experts think and respond to risk 
very differently than experts. Non-experts often rely on affect, and may 
be unduly influenced by the perceived degree of damage that will be 
caused. Experts, and risk evaluation systems, use statistical reasoning to 
assess risk.

The purpose of this workshop is to bring together researchers and 
practitioners to share experiences, concerns and ideas about how to 
address the gap between user perception of IT risks and security / 
organizational requirements for security and privacy. Topics of interest 
include:
- Human decision and different attack types: Malware, eavesdropping,
  inadvertent loss / disclosure of information, phishing, browser attacks,
  etc.
- Research methods and metrics for assessing perception of risk
- Assessing value of assets and resources at risk
- Communicating and portrayal of risk - security indicators, status
  indicators, etc.
- Organizational versus personal risk
- The psychology of risk perception
- Behavioral aspects of risk perception
- Real versus perceived risk
- Other topics related to measuring IT risk and/or user perception of IT
  risk

The goal of this workshop is to explore these and related topics across 
the broad range of IT security contexts, including enterprise systems, 
personal systems, and especially mobile and embedded systems. This 
workshop provides an informal and interdisciplinary setting that includes 
the intersection of security, psychological, and behavioral science. 
Everyone who attends the workshop participates. Panel discussions will be 
organized around topics of interest where the workshop participants will 
be given an opportunity to give brief presentations, which may include 
current or prior work in this area, as well as pose challenges in IT 
security and privacy risk perception.

SUBMISSIONS
We are soliciting 1-2 page position statements that express the nature of 
your interest in the workshop, the aspects of risk perception of interest 
to you including the topic(s) that you would like to discuss during the 
workshop, including the panel discussions. 
Email inquiries may be sent to: RiskPerception2013 () gmail com

IMPORTANT DATES
Paper submission deadline - May 30, 2013, 5pm PDT 
Notification of paper acceptance - June 10, 2013 5pm PDT

ORGANIZERS
Larry Koved, IBM T. J. Watson Research Center 
L Jean Camp, Indiana University 
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
