Workshop on Risk Perception in IT Security and Privacy
A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/
For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html
This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between user perception of IT risks and security /
organizational requirements for security and privacy.
Important Dates:
Submission Deadline: May 30, 2013, 5pm PDT
Notification Deadline: June 10, 2013 5pm PDT
Anonymization: Papers are NOT to be anonymized
Length: 1-2 page position statements
SCOPE AND FOCUS
Willingness to perform actions for security purposes is strongly
determined by the costs and perceived benefit to the individual. When
end-users' perceptions of risk are not aligned with those of the organization
or system, there is a mismatch in perceived benefit, leading to poor user
acceptance of the technology.
For example, organizations face complex decisions when pushing valuable
information across the network to mobile devices, web clients, automobiles
and other embedded systems. This may impose burdensome security decisions
on employees and clients due to the risks of devices being lost or stolen,
shoulder surfing, eavesdropping, etc. Effective risk communication can
provide a shared understanding of the need for, and benefits of, secure
approaches and practices.
While risk perception has been studied in non-IT contexts, how well people
perceive and react to IT risk is less well understood. How systems measure
IT risk, how it is best communicated to users, and how to best align these
often misaligned perspectives are poorly understood. Risk-taking decisions
(policies) are increasingly being pushed out to users who are frequently
ill prepared to make complex technical security decisions based on limited
information about the consequences of their actions.
In other risk domains we know that non-experts think and respond to risk
very differently than experts. Non-experts often rely on affect, and may
be unduly influenced by the perceived degree of damage that will be
caused. Experts, and risk evaluation systems, use statistical reasoning to
assess risk.
The purpose of this workshop is to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between user perception of IT risks and security /
organizational requirements for security and privacy. Topics of interest
include:
- Human decision and different attack types: Malware, eavesdropping,
  inadvertent loss / disclosure of information, phishing, browser attacks,
  etc.
- Research methods and metrics for assessing perception of risk
- Assessing value of assets and resources at risk
- Communication and portrayal of risk - security indicators, status
  indicators, etc.
- Organizational versus personal risk
- The psychology of risk perception
- Behavioral aspects of risk perception
- Real versus perceived risk
- Other topics related to measuring IT risk and/or user perception of IT
  risk
The goal of this workshop is to explore these and related topics across
the broad range of IT security contexts, including enterprise systems,
personal systems, and especially mobile and embedded systems. This
workshop provides an informal and interdisciplinary setting that includes
the intersection of security, psychological, and behavioral science.
Everyone who attends the workshop participates. Panel discussions will be
organized around topics of interest where the workshop participants will
be given an opportunity to give brief presentations, which may include
current or prior work in this area, as well as pose challenges in IT
security and privacy risk perception.
SUBMISSIONS
We are soliciting 1-2 page position statements that express the nature of
your interest in the workshop, the aspects of risk perception of interest
to you, including the topic(s) that you would like to discuss during the
workshop, including the panel discussions.
Email inquiries may be sent to: [log in to unmask]
IMPORTANT DATES
Paper submission deadline - May 30, 2013, 5pm PDT
Notification of paper acceptance - June 10, 2013 5pm PDT
ORGANIZERS
Larry Koved, IBM T. J. Watson Research Center
L Jean Camp, Indiana University