Program (2022)

Hosted by AIS SIGSEC and Bright Internet


WELCOME, SIGSEC President Obi Ogbanufe
8:50am—9:00am (Room B4 M5-6)

KEYNOTE ADDRESS Richard Baskerville, Regents’ Professor and Board of Advisors Professor in the Department of Computer Information Systems, J. Mack Robinson College of Business at Georgia State University
9:00am—9:50am (Room B4 M5-6)

9:50am—10:00am, Coffee Break

SESSION 1 Track A Organizational Issues in Cybersecurity | Chair: Matthew Jensen
10:00am—12:00am (Room B4 M5-6)

  • Cybersecurity Risk of Interfirm Cooperation: Alliance or Joint Venture? (complete) Huseyin Tanriverdi and Ghiyoung Im
  • Making Sense of Certification Internalization: A Process Model for Implementing Information Security and Data Protection Certifications (complete) Philipp Danylak, Sebastian Lins, Carol Hsu, and Ali Sunyaev
  • Factors Influencing the Organizational Decision to Outsource IT Security (complete) Antra Arshad, Atif Ahmad, and Sean B. Maynard
  • The Value Relevance of an Official Press Release of a Security Breach and Complementarities between the Content Elements of the Release (complete) Nirup Menon, Brian Ngac, and Fatou Diouf
  • A Role Theory Perspective: Will Shifting Left Become a Pain for Application Developers? (WIP) Hwee-Joo Kam and John D’Arcy

SESSION 1 Track B Cyber Threat Detection | Chair: Adeline Frenzel-Piasentin
10:00am—12:00am (Room B3 M7-8)

  • Will SOC Telemetry Data Improve Predictive Models of User Riskiness? A Work in Progress (WIP) Michael Curry, Byron Marshall, Forough Shadbad, and Sanghyun Hong
  • Too good for Malware: Investigating Effects of Entitlement on Cybersecurity Threat Assessment and Piracy Behavior (complete) Andy Bowman, Madhav Sharma, and David Biros
  • Blockchain Technologies and Forensic Challenges: Emergent Potential and Diverging Affordances (complete) Chadi Aoun
  • Progenitors and Antagonists of Shadow IT Use: Results of a computational-driven approach using Reddit data (complete) Animesh Kumar, Christoph Burtscher, and Andreas Eckhardt
  • Network Analysis of a Darknet Marketplace: Identifying Themes and Key Users of Illicit Networks (WIP) Obi Ogbanufe, Fallon Baucum, and Jasmine Benjamin


AWARD CEREMONY, Co-Chairs Shuyuan Mary Ho Metcalfe and Kane Smith
12:00pm—1:00pm (Room B4 M5-6)

SESSION 2 Track A Security Training and Compliance | Chair: Michael Curry
1:00pm—3:00pm (Room B4 M5-6)

  • Risk Compensation Behaviors on Cascaded Security Choices (WIP) Richard Henkenjohann and Manuel Trenz
  • Do Measures of Security Compliance Intent Equal Non-Compliance Scenario Agreement? (complete) Byron Marshall, Forough Shadbad, Michael Curry, and David Biros
  • Trading well-being for ISP compliance: An investigation of the positive and negative effects of SETA programs (WIP) Jalal Sarabadani, Robert E. Crossler, and John D’Arcy
  • Revisiting neutralization theory and its underlying assumptions to inspire future information security research (complete) Wael Soliman and Hojat Mohammadnazar
  • Choose Your Words Wisely! Understanding the Strategic Communication of Differential Privacy (complete) Aycan Aslan, Maike Greve, and Till Ole Diesterhöft

SESSION 2 Poster Slam Session | Chair: Andy Green
1:00pm—3:00pm (Room B3 M7-8)

  • Mapping Privacy Concern Research from 2011 to 2020: Co-word, Bibliographic coupling, and Co-citation analyses, Ruilin Zhu, Youyou Tao, and Ace Vo
  • Deception as Bias: Theory-based Data Pipeline Using Bayesian Networks, Ronit Purian-Lukatch and Natan Katz Katz
  • Fostering an Organizational Cybersecurity Culture: A Culture Identity Perspective, Kira Gedris, France Belanger, and Anthony Vance
  • Study of Privacy-Preserving Mechanisms in Contact Tracing Applications, Taimoor Ali Danish and Sergey Butakov
  • A Conceptual Model for the Development of an Information Security Culture of Policy Compliance to Improve Cyber-security Practices Within Small and Micro Enterprises (SMEs) in Developing Countries: Case: Jamaica, Nadine Barrett-Maitland and Kweku-Muata Osei-Bryson
  • Exploring the Dark Side of IT Security: Delphi Study on Business Processes’ Influencing Factors, Tizian Matschak, Ilja Nastjuk, Stephan Kühnel, and Simon Trang
  • The Role of Culture in Privacy Assurances for Mobile Cloud Computing Apps, Hamid Reza Nikkhah, Frederic Schlackl, and Rajiv Sabherwal
  • How is security training content provided? – A taxonomy-based approach to real-world SETA programs, Florian Rampold, Florian Schuetz, Julia Klein, and Kristin Masuch
  • Security of Internet of Things in Healthcare: A Systematic Literature Review, Arun Aryal and Crystal Wu
  • Vendor-Sided, Perceived Architectural and Outcome-Related Privacy Risks – Exploring Messaging Service Discontinuance, Verena Kessler Verzar, Adeline Frenzel-Piasentin, Jason B. Thatcher, and Daniel J. Veit
  • A Self-regulatory Framework of Security Fatigue: Antecedents and Implications on Security Behavior, Akanksha Malik, Sanjay Goel, and Shuchi Sinha
  • Harmonizing Espoused Privacy and Privacy Behavior: The Myth of the Privacy Paradox, Jingyi Huang, Sanjay Goel, Alan Dennis, and Kevin Williams
  • Value Based Objectives for Preventing Online Sex Trafficking, Smriti Srivastava and Gurpreet Dhillon

3:00pm—3:30pm, Coffee Break

PANEL DISCUSSION “Publishing Information Security and Privacy Research in Top Journals”
Panelists France Belanger (Virginia Tech), Alec Cram (University of Waterloo), Huigang Liang (University of Memphis), Mikko Siponen (University of Jyväskylä) | Moderator: Bryan Hammer
3:30pm—4:20pm (Room B4 M5-6)

4:20pm—4:30pm, Coffee Break

SESSION 3 Track A Policy and Regulatory Issues in Cybersecurity | Chair: Shuyuan Mary Ho Metcalfe
4:30pm—5:45pm (Room B4 M5-6)

  • Beyond Economic and Financial Analyses: A revelatory study of IT security investment decision-making process (complete) Rajiv Kohli, Suprateek Sarker, Mikko Siponen, Mari Karjalainen, and Xiuyan Shao
  • Introducing Conversational Explanations as a Novel Response Strategy to Data Breach Incidents in Digital Commerce (complete) Till Ole Diesterhöft, Dennis Benner, and Benjamin Brauer
  • Configuration and management of security procedures with dedicated ‘spa-lang’ domain language in security engineering (complete) Tomasz Krym, Aneta Poniszewska-Maranda, Łukasz Chomątek, and Jakub Chłapiński

SESSION 3 Track B Privacy and Information Disclosure | Chair: Christina Wagner
4:30pm—5:45pm (Room B3 M7-8)

  • Cookie Intermediaries: Does Competition Leads to More Privacy? Evidence from the Dark Web (complete) Arion Cheong, Tawei Wang, and Daniel Sokol
  • Exploring the Impact of Data Breaches and System Malfunctions on Users’ Safety and Privacy Perceptions in the Context of Autonomous Vehicles (WIP) Henrik Lechte and Jannes Heinrich Diedrich Menck
  • Perceived Privacy Violations through Information Sharing with External Parties – Diving into User Perceptions and Reactions (complete) Christina Wagner, Manuel Trenz, Chee-Wee Tan, and Daniel Veit

Shuyuan Mary Ho Metcalfe (CO-CHAIR), Florida State University
Kane Smith (CO-CHAIR), University of North Texas
Alvaro Arenas, IE University
Yves Barlette, Montpellier Business School
Rui Chen, Iowa State University
Wei-Lun Chang, National Taipei University of Technology
Michael Curry (SIGSEC Past President), Oregon State University
Gurpreet Dhillon, University of North Texas
Andreas Eckhardt, University of Innsbruck
Adeline Frenzel-Piasentin, University of Augsburg
Steven Furnell, University of Nottingham
Craig Horne, The University of Melbourne 
Matthew Jensen,  University of Oklahoma
Hwee-Joo Kam, University of Tampa
Dan J. Kim, University of North Texas
Herbert J. Mattord, Kennesaw State University
Obi Ogbanufe (SIGSEC President), University of North Texas
Daniel Pienta, Baylor University
Mia Plachkinova, Kennesaw State University
Paolo Spagnoletti, Libera Università Internazionale
Nishant Vishwamitra, University of Texas at San Antonio 
Christina Wagner, University of Augsburg
Tianjian Zhang, City University of Hong Kong

WISP will be held at the AC Hotel Bella Sky Copenhagen, Denmark, in conjunction with the International Conference on Information Systems (ICIS) 2022. Please register using the conference registration site (attendees may register for WISP alone).


Thanks to Oregon State University’s College of Business, Business Information Systems (BIS) Cybersecurity Management Program for its support of WISP.