ACM SIGCHI General Interest Announcements (Mailing List)


Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
"ACM SIGCHI General Interest Announcements (Mailing List)" <[log in to unmask]>
Tue, 28 May 2013 15:54:19 -0400
Larry Koved <[log in to unmask]>
text/plain; charset="US-ASCII"
Larry Koved <[log in to unmask]>
text/plain (104 lines)
Brief position statements are due this Thursday, May 30, 2013.

Workshop on Risk Perception in IT Security and Privacy

A workshop of the Symposium On Usable Privacy and Security (SOUPS)

For full details, please see:

This workshop is an opportunity to bring together researchers and 
practitioners to share experiences, concerns and ideas about how to 
address the gap between user perception of IT risks and security / 
organizational requirements for security and privacy.

Important Dates:
Submission Deadline:
May 30, 2013, 5pm PDT
Notification Deadline:
June 10, 2013 5pm PDT
Papers are NOT to be anonymized
1-2 page position statements

Willingness to perform actions for security purposes is strongly 
determined by the costs and perceived benefit to the individual. When 
end-users' perceptions of risk are not aligned with organization or 
system, there is a mismatch in perceived benefit, leading to poor user 
acceptance of the technology.
For example, organizations face complex decisions when pushing valuable 
information across the network to mobile devices, web clients, automobiles 
and other embedded systems. This may impose burdensome security decisions 
on employees and clients due to the risks of devices being lost or stolen, 
shoulder surfing, eavesdropping, etc. Effective risk communication can 
provide a shared understanding of the need for, and benefits of secure 
approaches and practices.
While risk perception has been studied in non-IT contexts, how well people 
perceive and react to IT risk is less well understood. How systems measure 
IT risk, how it is best communicated to users, and how to best align these 
often misaligned perspectives is poorly understood. Risk taking decisions 
(policies) are increasingly being pushed out to users who are frequently 
ill prepared to make complex technical security decisions based on limited 
information about the consequences of their actions.
In other risk domains we know that non-experts think and respond to risk 
very differently than experts. Non-experts often rely on affect, and may 
be unduly influenced by the perceived degree of damage that will be 
caused. Experts, and risk evaluation systems, use statistical reasoning to 
assess risk.
The purpose of this workshop is to bring together researchers and 
practitioners to share experiences, concerns and ideas about how to 
address the gap between user perception of IT risks and security / 
organizational requirements for security and privacy. Topics of interest 
Human decision and different attack types: Malware, eavesdropping, 
inadvertent loss / disclosure of information, phishing, browser attacks, 
Research methods and metrics for assessing perception of risk
Assessing value of assets and resources at risk
Communicating and portrayal of risk - security indicators, status 
indicators, etc.
Organizational versus personal risk
The psychology of risk perception
Behavioral aspects of risk perception
Real versus perceived risk
Other topics related to measuring IT risk and/or user perception of IT 
The goal of this workshop is to explore these and related topics across 
the broad range of IT security contexts, including enterprise system, 
personal systems, and especially mobile and embedded systems. This 
workshop provides an informal and interdisciplinary setting that includes 
the intersection of security, psychological, and behavioral science. 
Everyone who attends the workshop participates. Panel discussions will be 
organized around topics of interest where the workshop participants will 
be given an opportunity to give brief presentations, which may include 
current or prior work in this area, as well as pose challenges in IT 
security and privacy risk perception.
We are soliciting 1-2 page position statements that express the nature of 
your interest in the workshop, the aspects of risk perception of interest 
to you including the topic(s) that you would like to discuss during the 
workshop, including the panel discussions. 
Email inquiries may be sent to to: [log in to unmask]
Paper submission deadline - May 30, 2013, 5pm PDT 
Notification of paper acceptance - June 10, 2013 5pm PDT
Larry Koved, IBM T. J. Watson Research Center 
L Jean Camp, Indiana University 

    For news of CHI books, courses & software, join CHI-RESOURCES
     mailto: [log in to unmask]

    To unsubscribe from CHI-ANNOUNCEMENTS send an email to
     mailto:[log in to unmask]

    For further details of CHI lists see