Track 11: Security and Regulation: Cybersecurity, Privacy, and Trust- Protecting information and ensuring responsible technology use

Katina Michael, Arizona State University (ASU), USA

Glenn Withers, Australian National University (ANU), Australia

Greg Austin, Social Cyber Institute (SCI), Australia

Track Call

Cybersecurity, privacy and trust are the three fundamental pillars of the digital economy (Gritzalis et al., 2019). An organization wishing to do business online today must ensure that their products and processes are designed in a manner which embed these pillars as values and functional requirements from the outset, and not merely as added siloed bolt-ons. Cybersecurity, privacy and trust are not “nice-to-haves” in product and process design, they are essential elements that are related to the long-term ethics, responsibility and sustainability (ERS) of any organization (Laasch et al., 2023). As customers provide data through day-to-day transactions, and businesses rely on that data to make decisions, the expectation is that personal customer data and organizational business data remain secure (Michael et al., 2019). Cybersecurity is increasingly becoming a complex endeavor when we consider meshed chains in open socio-technical systems that are subject to vulnerabilities up and down-stream (Young, 2022; Austin and Withers, 2020; Paja et al., 2013). Regulations and the law also mandate that there must be a reason for customer data to be collected and used that has a direct relevance to business operations, and can only be done so with the consent of the individual. Retrospective use of that data, or data gathered without the consent of the individual is protected through laws. We are calling for papers that take a variety of approaches and methodologies at addressing the global cybersecurity and regulation challenge.

Track Areas

We thus invite the following topics for submissions in this track:

• The development of theoretical frameworks, and the conceptualisation of cybersecurity, privacy, trust and regulation within a risk context;
• Evolving models of cybersecurity to respond to increasingly complex threats posed by emerging technologies and the malicious use of computer technology for unauthorised access;
• New ways to qualify or quantify harms to citizens, costs to organizations, and the impact to national security as a result of cybersecurity breaches;
• Analysing emerging instruments in law and regulation for responsible technology impact assessment and utilisation, as regards human rights, child rights, social impact, risk, privacy and more, for their consistency and stakeholder responsiveness;
• Methods for addressing issues of cybercrime prevention, remediation and recovery, through monetary measurement of impact, including for privacy data breaches in large organisations and other impacts;
• Training of stakeholders and officials in ethical dimensions of cybersecurity policy including privacy and trust, to help guide their organisational change and policy development;
• Better understanding the threat that weak cybersecurity practices may pose in the metaverse for differing user types, from the erosion of privacy and respective intrusions to one’s trust in transacting in the virtual realm;
• Organizational responses to cybersecurity, privacy, trust, and regulation within a digital business context to reconceptualize cybersecurity awareness toward business transformation;
• Understanding responsibility for significant data breaches beyond regulatory compliance and penalties and toward a multi-stakeholder accountability solution;
• The ability to better assess emerging technologies such as artificial intelligence, machine learning and quantum computing and the role they will play to combat cybersecurity threats at the micro, meso, macro layers, as well as for new offensive attack vectors;

References

Austin, G. and Withers G., 2020, “Creating social cyber value as the broader goal”, in Austin, G. (ed), Cyber security education: principles and policies, Routledge, pp. 99-118.

Gritzalis, S., Weippl, E.R., Katsikas, S.K., Anderst-Kotsis, G., Tjoa, A. Min & Khalil, I. (eds) 2019, Trust, Privacy and Security in Digital Business 16th International Conference, TrustBus 2019, Linz, Austria, August 26–29, 2019, Proceedings 1st ed. 2019., Springer International Publishing, Cham.

Laasch, O., Moosmayer, D.C. and Antonacopoulou, E.P., 2023, “The interdisciplinary responsible management competence framework: an integrative review of ethics, responsibility, and sustainability competences”, Journal of Business Ethics, 187(4), pp. 733-757, https://doi.org/10.1007/s10551-022-05261-4.

Michael, K., Kobran, S., Abbas, R. and Hamdoun, S., 2019, “Privacy, Data Rights and Cybersecurity: Technology for Good in the Achievement of Sustainable Development Goals”, 2019 IEEE International Symposium on Technology and Society (ISTAS), Medford, MA, USA, 2019, pp. 1-13, https://doi.org/10.1109/ISTAS48451.2019.8937956.

Paja, E., Dalpiaz, F. and Giorgini, P., 2013. November, “Managing security requirements conflicts in socio-technical systems”, In: Ng, W., Storey, V.C. and Trujillo, J.C. (eds) Conceptual Modeling. ER 2013. Lecture Notes in Computer Science, 8217. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41924-9_23

Young, C.S., 2022, Cybercomplexity: a macroscopic view of cybersecurity risk, Springer, Cham, Switzerland.