HAISA 2012 - Sixth International Symposium on Human Aspects of Information Security & Assurance

It is commonly acknowledged that security requirements cannot be addressed by technical means alone, and that a significant aspect of protection comes down to the attitudes, awareness, behaviour and capabilities of the people involved. Indeed, people can potentially represent a key asset in achieving security, but at present, factors such as lack of awareness and understanding, combined with unreasonable demands from security technologies, can dramatically impede their ability to do so. Ensuring appropriate attention and support for the needs of users should therefore be seen as a vital element of a successful security strategy.

People at all levels (i.e. from organisations to domestic environments; from system administrators to end-users) need to understand security concepts, how the issues may apply to them, and how to use the available technology to protect their systems. In addition, the technology itself can make a contribution by reducing the demands upon users, simplifying protection measures, and automating a variety of safeguards.

With the above in mind, this symposium specifically addresses information security issues that relate to people. It concerns the methods that inform and guide users' understanding of security, and the technologies that can benefit and support them in achieving protection.

Themes

The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:

Information security culture
Awareness and education methods
Enhancing risk perception
Public understanding of security
Usable security
Psychological models of security software usage
User acceptance of security policies and technologies
User-friendly authentication methods
Biometric technologies and impacts
Automating security functionality
Non-intrusive security
Assisting security administration
Impacts of standards, policies, compliance requirements
Organizational governance for information assurance
Simplifying risk and threat assessment
Understanding motivations for misuse
Social engineering and other human-related risks
Privacy attitudes and practices
Computer ethics and security

Paper Submission, review and publication

Authors are invited to submit full papers, not exceeding ten pages (including all figures, tables and references) by 13 February 2012. A comprehensive set of instructions for preparing camera ready papers can be found here, an example paper (annotated with style names) is available here and the Word format template is also available. Please refer to this before submission. Authors are strongly encouraged to use the Word template for ease of paper formatting.

Papers can be submitted to the conference paper management system here.All papers will be double-blind reviewed by at least three members of the Programme Committee. All accepted papers will be published in the Proceedings. Selected papers will be considered for publication in the main sponsoring journal, Information Management & Computer Security, and a Best Paper Award will be awarded by Emerald.

Important Dates

13 February 2012 Deadline for submission of papers

9 April 2012 Notification of paper acceptance

30 April 2012 Deadline for camera-ready paper submission

30 April 2012 Deadline for author registration