Cybersecurity remains a key challenge for organizations despite massive investments over the last two decades. While technological advancements have been made to improve cybersecurity, human vulnerabilities have become the weakest link in security. High profile events such as defections, espionage, and massive data breaches have led the public to question their own expectations of privacy. While there is an abundance of practices and techniques for employing cybersecurity, many hard problems remain unanswered. The purpose of this track is to provide a forum for theoretical developments, empirical research findings, case studies, methodologies, artifacts, and other high-quality manuscripts. Sponsored by SIGSEC, we seek to address important questions arising from emerging developments in information security, such as: security analytics, financial crimes, security analytics, and digital forensics? How do system defenders share information to mitigate vulnerabilities and exploits? Does pervasive data collection deter privacy-conscious individuals? Do regulations and policies influence employee security behaviors and organizational security postures?
Schedule

A Culture of Cybersecurity at Banca Popolare di Sondrio

Angelica Marotta, Massachusetts Institute of Technology
Keri Pearlson, Massachusetts Institute of Technology

A Dynamic Cyber-Based View of the Firm

Tamara Schwartz, York College of Pennsylvania
David Schuff, Temple University
Matt Wray, Temple University

“Appropriate Technical and Organizational Measures”: Identifying Privacy Engineering Approaches to Meet GDPR Requirements

Dominik Huth, Technical University of Munich
Florian Matthes, Technical University of Munich

Compliance with Information Security Policies: A Meta-Analysis of the role of the definition of the term “Security Policies”

David Sikolia, Mississippi State University

Cyber-physical Systems and Industrial IoT Cybersecurity: Issues and Solutions

J.P. Shim, Georgia State University

Cybersecurity: Current State of Governance Literature

Aurelia Mandani, University of Colorado Denver
Ronald Ramirez, University of Colorado Denver

Data Breach Risks and Resolutions: A Literature Synthesis

Freeha S. Khan, Georgia State University
Jung Hwan Kim, Queens University of Charlotte
Robin L. Moore, Georgia State University
Lars Mathiassen, Georgia State University

Defining cloud identity security and privacy issues: A Delphi method

Brian Cusack, AUT University
Eghbal Ghazizadeh, AUT

Do legal systems affect the organizational consequences of IT innovation?

Katia Guerra, University of North Texas
Chang Koh, University of North Texas

Eating the Forbidden Fruit: Human Curiosity Entices Data Breaches

Dustin Ormond, Creighton University
Hwee-Joo Kam, University of Tampa
Philip Menard, University of South Alabama

Effect of Dynamic Text on Habituation to Polymorphic Warnings

Pranith Abbaraju, Texas Tech University
Kevin Harmon, Texas Tech University
Jaeki Song, Texas Tech University

Effects of Evidence-Based Malware Cybersecurity Training on Employees

Wu He, Old Dominion University
Mohd Anwar, North Carolina A&T State University
Ivan Ash, Old Dominion University
Ling Li, Old Dominion University
Xiaohong Yuan, North Carolina A&T State University
Li Xu, Old Dominion University
Xin Tian, Kennesaw State University

Employee Acceptance of Employer Control Over Personal Devices

Kevin R. Callies, Dakota State University
Cherie Bakker Noteboom, Dakota State University
Daniel Talley, Dakota State University
Yong Wang, Dakota State University

Examining the influence of Government Cybersecurity Efforts on E-Services Use

Victoria Kisekka, University at Albany
Mohamed Abdelhamid, California State University Long Beach

Fostering Information Security Compliance: Comparing the Predictive Power of Social Learning Theory and Deterrence Theory

Tim-Benjamin Lembcke, Chair of Information Management
Kristin Masuch, University of Goettingen
Simon Trang, University of Göttingen
Sebastian Hengstler, Chair of Information Security and Compliance
Patience Plics, Chair of Information Security and Compliance
Mustafa Pamuk, Chair of Information Management

How much is your private information? Does Privacy Calculus Matter?

Bao Duong, Louisiana Tech University
Sung Simon Jin, Metropolitan State University
Jaeung Lee, Louisiana Tech University

How to Understand the Role of Trusted Third Party in the Process of Establishing Trust for E-Commerce?

Cong Cao, University of Wollongong
Jun Yan, University of Wollongong
Meng Xiang Li, Hong Kong Baptist University

Impact of Framing and Base Size of Computer Security Risk Information

Xinhui Zhan, Missouri University of Science and Technology, Rolla MO, USA
Fiona Nah, Missouri U of Science and Technology
Keng Siau, Missouri University of Science and Technology
Richard Hall, Missouri University of Science and Technology
Maggie Cheng, Illinois Institute of Technology

Important Issues for Preventing Cyberstalking in India

Kane J. Smith, University of North Carolina at Greensboro
Gurpreet Dhillon, IS and Supply Chain Management
Ella Kolkowska, Informatics

Information Security in Non-Corporate Cloud Services: The Challenge of Engaging Consumers in Security Behavior Change

Patricia Akello, University of Texas at San Antonio
Oluwafemi Akanfe, University of Texas

“Information Security Is Not Really My Job”: Increasing Information Security Role Identity Salience in End-users

Obi Ogbanufe, Oklahoma State University

Investigating Employee Engagement in Nonmalicious, End-user Computing and Information Security Deviant Behavior

Princely Ifinedo, Brock University

Location Based Services and the Health Belief Model Based Investigation of Student Intentions and Behaviors

Gregory Schymik, Grand Valley State University
Jie Du, Grand Valley State University
Andrew Kalafut, Grand Valley State University

Privacy Control Patterns for Compliant Application of GDPR

Daniel Rösch, Hochschule Pforzheim
Thomas Schuster, Hochschule Pforzheim
Lukas Waidelich, Hochschule Pforzheim
Sascha Alpers, Forschungszentrum Informatik

Privacy Everywhere: a mechanism for decision making and privacy assurance in IoT environments

Leandro Prado de Andrade, Federal University of São Carlos
Sergio Donizetti Zorzo, Federal University of São Carlos

Progressing from the SOC to the EOC

Nathan Pike, Cal Poly Pomona
Ronald Pike, Cal Poly Pomona

Reporting Information Security Policy Violations – An Exploratory Study

Tianjie Deng, University of Denver
Hyung Koo Lee, HEC Montreal
Sumantra Sarkar, SUNY - BInghamton

The Internet of Things: The Effects of Security Attitudes and Knowledge on Security Practices

Zach Singer, Texas Christian University
Beata M. Jones, Texas Christian University

Think and Act Positively: A Motivational Organizational Citizenship Behavior Approach Towards Information Security Policy Compliance

Joseph Manga, University of Texas Rio Grande Valley
Nan Xiao, University of Texas Rio Grande Valley
Emmanuel W. Ayaburi, University of Texas, Rio Grande Valley

Understanding HIPAA Compliance Practice in Healthcare Organizations in a Cultural Context

OSBORNE OBENG, Nova Southeastern University
Souren Paul, Nova Southeastern University

Unlocking the Mixed Results of the Effect of Self-Efficacy in Information Security on Compliance.

Dinesh Reddy, Texas A&M University
Glenn Dietrich, The University of Texas at San Antonio

Users’ Preferences Concerning Privacy Properties of Assistant Systems on the Internet of Things

Jan Zibuschka, Robert Bosch GmbH
Michael Nofer, HIVE Financials
Christian Zimmermann, Robert Bosch GmbH
Oliver Hinz, Goethe University Frankfurt

When Do Users Begin to Worry About Privacy?

Kevin Kim, University of North Texas
Sarbottam Bhagat, University of North Texas
Katia Guerra, University of North Texas

Why do I get phished? The role of persuasion, design authenticity and contextualization

Baidyanath Biswas, International Management Institute
Arunabha Mukhopadhyay, Indian Institute of Management Lucknow