Cyber Security and Information Intelligence Minitrack

Theme: Strategies to meet the challenges of cyber security and information intelligence

SYNOPSIS: Organizations of all types (business, academia, government, etc.) are facing risks resulting from their ever-increasing reliance on the information infrastructure. Decision and policy makers managing these risks are challenged by a lack of information intelligence concerning the risks and consequences of cyber events (e.g., Sarbanes-Oxley Act, HIPAA, and Gramm-Leach-Bliley ACT). They need to understand the implications of cyber security risks and solutions related to their information infrastructure and business. Risk management investment decisions should involve: (i) a comprehensive approach to cyber security risk management, (ii) credible appropriate data needed to support intelligent decisions, and (iii) assessment of the impacts resulting from the various investment alternatives. Sound, rational IT/business decisions require a comprehensive understanding of the dynamics of information intelligence and the likely effects of cyber security investment choices.

As our dependence on the cyber infrastructure grows ever larger, more complex and more distributed, the systems that compose it become more prone to failures and/or exploitation. Intelligence is information valued for its currency and relevance rather than its detail or accuracy (wiki). Information explosion describes the pervasive abundance of (public/private) information and the effects of such. Gathering, analyzing, and making use of information constitutes a business- / sociopolitical- / military-intelligence gathering activity and ultimately poses significant advantages and liabilities to the survivability of "our" society. The combination of increased vulnerability, increased stakes and increased threats make cyber security and information intelligence (CSII) one of the most important emerging challenges in the evolution of modern cyberspace "mechanization."

IMPORTANT GOALS: The aim of this minitrack is to discuss (and publish) novel theoretical and empirical research focused on (the many) different aspects of software security/dependability, because as we know, the heart of the cyber infrastructure is software. The scope of the minitrack covers a wide range of methodologies, techniques, and tools (i.e., applications) to: 1) assure, measure, estimate and predict software security/dependability, and 2) analyze and evaluate the impact of such applications on software security/dependability.

We encourage researchers and practitioners from a wide swath of professional areas (not only the programmers, designers, testers, and methodologists but also the users and risk managers) to participate so that we can better understand the needs (requirements), stakes and the context of the ever evolving cyber world; where software forms the core and security/dependability are crucial properties that must be built-in or baked on and maintained. Secure systems must be dependable and dependable systems fail if they are not secure. We look to software engineering to help provide us the products and methods to accomplish these goals.

NON-EXCLUSIVE TOPICS: We aim to challenge, establish and debate a far-reaching agenda that broadly and comprehensively outlines a strategy for cyber security and information intelligence that is founded on sound principles and technologies, including and not limited to:

√ Better precision in understanding existing and emerging vulnerabilities and threats.

√ Advances in insider threat detection, deterrence, mitigation and elimination.

√ Game-changing ventures, innovations and conundrums (e.g., quantum computing, QKD, phishing, malware market, botnet/DOS)

√ Assuring security, survivability and dependability of our critical infrastructures.

√ Assuring the availability of time-critical scalably secure systems, information provenance and security with privacy.

√ Observable/ measurable/ certifiable security claims, rather than hypothesized causes.

√ Methods that enable us to specify security requirements, formulate security claims, and certify security properties.

√ Mission fulfillment, whether or not security violations have taken place (rather than chasing all violations indiscriminately).

We must shift our focus away from winning battles, towards a strategy for winning the war by elevating trust in the mission and it's underlying critical infrastructures.

June 15: Authors submit full papers by this date. All papers will be submitted in double column publication format and limited to 10 pages including diagrams and references. HICSS papers undergo a double-blind review (June15 - August15).

August 15: Acceptance notices are sent to Authors. At this time, at least one author of an accepted paper should begin visa, fiscal and travel arrangements to attend the conference to present the paper.

September 15: Authors submit final version of papers following submission instructions posted here at the HICSS web site. At least one author of each paper must register by this date with specific plans to attend the conference.

October 2: Papers without at least one registered author will be pulled from the publication process; authors will be notified.

An individual may be listed as author or as a co-author on a maximum of 6 submitted papers. Authors may not be added after submission unless approved by the appropriate Track Chair. HICSS papers must contain original material not previously published, nor currently submitted elsewhere. Do not submit the manuscript to more than one Minitrack Chair. If you are unsure of which Minitrack is appropriate, please submit an abstract to the Track Chair(s) for guidance.

HICSS will conduct double-blind reviews of each submitted paper. Therefore, author name(s) are not to be included on the manuscript during the June 15 submission process.